How to Set Up MFA for FortiClient VPN using Duo: A Step-by-Step Guide – Part 3/4

Configuration of Microsoft Azure Entra ID Custom Controls and a Duo application to protect Entra ID logons with Duo MFA.

In part 3 of this 4-part series, we’ll walk through setting up Microsoft Azure Entra ID Custom Controls for Duo Single Sign-On.

Option 2:

Using Entra ID as the IdP with Conditional Access Rules to Facilitate the Duo Push

My Environment:

  • DUO Premier Trial Account
  • Fortinet Fully Featured Demo Keys
  • Windows 11 Client Computer with FortiClient
  • Microsoft Azure Entra ID licensed with E3

The FortiClient is set up for Remote Access.

References:

https://duo.com/docs/azure-ca#create-the-duo-azure-ca-application

Steps:
  1. Log in to the Duo Admin Portal and navigate to Single Sign-On -> Protect An Application. You will be presented with a list of applications; choose Microsoft Azure Active Directory.

  2. Once you select Microsoft Azure Active Directory, click the “Authorize” button, which allows Duo to do some automation to prepare your Azure tenant.

  3. Once authorized, you will be brought to a settings screen, which should look like the one below. Note the Custom Control JSON text at the top; we’ll need it to create the Custom Control in Entra ID. At the bottom of this page, click Save.

  4. Now we need to log into the Entra ID Admin portal. Once in, navigate to Protection -> Conditional Access. Now click on “Custom Controls (Preview)” in order to create a custom control for Duo. Click the “New Custom Control” button.

  5. Now we’ll need the JSON text from Step 3 to fill out the custom control attributes. Note in the illustration how the information from the Duo application is now entered into the Entra ID portal. Replace all of the sample text provided with the JSON.

  6. Save the Custom Control. Our setup of Entra ID is complete for now, as we’ve enabled support for Duo to protect any application. In the next part, we’ll set up Conditional Access to use the Custom Control to protect FortiClient.
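
A sanity check you can run on the Custom Control JSON from Steps 3 and 5 before saving it, as an added example that is not from the original post, Duo or Microsoft. The field names, the `.duosecurity.com` host suffix and the sample values are assumptions or constructed; compare them with the JSON your own Duo Admin Panel shows.

```python
import json
from urllib.parse import urlparse

# Assumed field names for the custom control JSON; verify against your own copy.
REQUIRED_TOP = ("Name", "AppId", "ClientId", "DiscoveryUrl", "Controls")

def check_custom_control(text, trusted_suffix=".duosecurity.com"):
    """Return a list of problems in pasted custom control JSON (empty list = OK)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Leftover sample text from the portal or a partial copy fails here.
        return [f"not a single valid JSON document: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = [f"missing or empty field: {k}" for k in REQUIRED_TOP if not doc.get(k)]
    # Sign-ins are redirected to this endpoint, so pin its scheme and host.
    url = urlparse(str(doc.get("DiscoveryUrl", "")))
    host = url.hostname or ""
    if url.scheme != "https":
        problems.append("DiscoveryUrl is not https")
    if not host.endswith(trusted_suffix):
        # The leading dot in the suffix rejects look-alike hosts.
        problems.append(f"DiscoveryUrl host {host!r} is outside {trusted_suffix}")
    controls = doc.get("Controls")
    for c in controls if isinstance(controls, list) else []:
        if not isinstance(c, dict) or not c.get("Id") or not c.get("ClaimsRequested"):
            problems.append("control entry lacks Id or ClaimsRequested")
    return problems

# Constructed sample: placeholder IDs and host, not values from a real tenant.
SAMPLE = json.dumps({
    "Name": "Duo Security",
    "AppId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "EXAMPLECLIENTID",
    "DiscoveryUrl": "https://example.azureauth.duosecurity.com/.well-known/openid-configuration",
    "Controls": [{"Id": "RequireDuoMfa", "Name": "RequireDuoMfa",
                  "ClaimsRequested": [{"Type": "DuoMfa", "Value": "MfaDone", "Values": None}]}],
})

if __name__ == "__main__":
    print(check_custom_control(SAMPLE) or "custom control JSON looks consistent")
```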

