Allow the use of both Duo and HOTP for 2FA
Problem:
Enabling DUO 2FA completely replaces the default HOTP implementation. We use and pay for DUO for our internal users, but cannot make effective use of it with Cerberus because we do not also want to pay for DUO for the larger # of external users who have logins on our Cerberus server. Enabling DUO currently means not allowing 2FA for external users.
Request:
Allow a default 2FA implementation choice at the server level, and the ability to override that choice at the user or group level.
-
Our organization has the exact same issue as Joe. We would like to see the ability to enable both DUO and HOTP. In addition, we would like the ability to define/restrict by listener or interface which MFA is able to be used. For example, we may want to restrict DUO users from being able to access the SFTP server when they are not on our internal network. Or only allow HOTP from outside our network. Just some additional granularity in choice.
1 -
Same issue here. External users can't use DUO because they are not enrolled in our DUO organization which is only for internal users. Need to be able to fall back to HOTP for non-DUO enrolled users.
0 -
Hello Nathan,
I have gone ahead and passed your comments onto the enhancement request that accompanies this thread. We appreciate the time you took to leave us your feedback!
0
Please sign in to leave a comment.
Comments
3 comments