Product & Engineering

Cisco Duo & Chrome Enterprise: Solutions for Modern Identity

Over the last five years, enterprise work models have continuously evolved, shifting from COVID-era work-from-home policies to return-to-office initiatives. During this period, over 215,000 global mergers and acquisitions have been announced, complicating identity management and security as no two environments are identical.

In the age of AI, humans are still the weakest link, especially when bulk lists of credentials only cost $10-$15 dollars on the dark web according to Talos’ 2024 Year in Review. Companies around the world are formalizing the future of work and there is no time like the present to start securing your user identities with Cisco Duo and Google.

Duo & Google Expand Identity Protection

Aligned with Duo’s most recent announcement, we have collaborated with Google to release three new integrations to protect all enterprise identities in your environments.

• Duo Directory Sync from Google for Duo Users and Admins

• Device Data Sources by Chrome Enterprise

• Universal Enrollment Connector by Chrome Enterprise for Duo

Duo IAM & Google

With identity at the core of Universal Zero Trust Network Architecture, start protecting Google Cloud, Workspace, and Chrome Enterprise users with Duo Identity and Access Management (IAM), Duo’s security-first IAM solution. Whether an administrator is working within the Duo Admin Panel or the Google Admin console, you can reduce security risks caused by manual errors through bi-directional sync. With Duo Directory, you can easily sync users and attributes with external sources and then leverage our popular SSO and MFA capabilities to provide seamless access management. Create a more seamless login experience by utilizing Google’s or Duo’s Single Sign-on (SSO).

Secure User Access with Duo + Chrome Enterprise

Building on our current Chrome Enterprise integration from RSA 2024 for managed devices, we are pleased to announce the expansion of support to include the additional context-aware signals for device trust:

• Minimum OS Version

• Screen Lock Password

• Disk Encryption

• Host Firewall

• Chrome Browser Version

• Device Enrollment Domain

Cisco Duo's new integration with the Chrome Enterprise browser empowers organizations using Duo as their identity provider to quickly and seamlessly manage Chrome profiles and apply consistent security policies across both managed and unmanaged devices. This makes it easy for enterprises to get critical security insights, apply granular browser controls and configure data loss prevention right in the browser already used by employees. Duo's additional integrations with Chrome Enterprise also enable organizations to leverage a wide range of signals and telemetry from Chrome to enforce device trust and deny access from devices, even those owned by partners or contractors, all without requiring the deployment of additional Duo agents or extensions. In collaboration with Chrome Enterprise, Duo is excited to announce Duo Single Sign-On for Chrome Enterprise.

Duo SSO functions as an OpenID Provider, authenticating your users with an existing on-premises Active Directory or SAML 2.0 IdP. It also prompts for multifactor or passwordless authentication before permitting access to resources protected by Chrome Enterprise.

To use these features, devices must be enrolled or have managed Chrome user accounts leveraging Chrome Enterprise Core, which unlocks cloud-based management and reporting for $0. Organizations looking for these features plus more advanced security and data protections can upgrade to Chrome Enterprise Premium.

For more information, check out this setup guide.

Separation of Personal and Work Browsing

As the modern workplace continues to evolve, so do the challenges of securely managing access across diverse user groups, devices, and scenarios. Even on fully managed devices, enterprises might want end users to only access their work resources from corporate-managed profiles. With Duo and the Chrome Enterprise browser you can easily encourage or enforce users to utilize their work profiles when accessing work websites and not their personal profiles. With Duo and Chrome Enterprise, organizations can unlock a variety of new use cases, ensuring seamless and secure access for every identity.

• BYOD & Unmanaged Devices: Duo and Chrome Enterprise make it easy to extend enterprise-grade security to Bring Your Own Device (BYOD) and unmanaged devices, giving employees the flexibility they want without compromising the safety of corporate resources.

• Partners, Contractors, and Third-Party Identities: With Duo’s robust identity security platform and Chrome Enterprise Premium’s enhanced data leak protection, organizations can now secure third-party identities as effectively as they do their internal teams, extending and fostering collaboration without sacrificing security.

• New Corporate Identities from Mergers & Acquisitions: Mergers and acquisitions bring a wave of new corporate identities, systems, and processes. Duo and Chrome Enterprise simplify the integration process, enabling fast and secure onboarding for new users while maintaining strict access control policies.

• Disaster Recovery Scenarios: Unforeseen disruptions can be as simple as bad weather delaying the delivery of a managed device. With Duo’s adaptive access policies and Chrome Enterprise’s familiar browser interface, administrators have the flexibility to quickly adapt, ensuring that users can securely access corporate systems regardless of their location or device, even in the most challenging circumstances.

• Contextual Access Control & Device Trust: Ensure only trusted, managed, and compliant devices running secure Chrome browsers can access sensitive Saas applications.

• Data Loss Prevention: Apply browser-level data security policies such as watermarking, screenshot protection, URL filtering, upload, download, copy-paste and print restrictions based on sensitivity of data to your Duo-protected SaaS apps.

• Comprehensive Visibility: Gain real-time insights into user activity, device posture, and security events, enabling proactive threat management.

Conclusion

In conclusion, the collaboration between Cisco Duo and Google Chrome Enterprise significantly strengthens identity security for modern organizations. Our joint solutions address the complexities of evolving work models by providing robust protection and contextual access control across diverse user groups and devices to stay ahead of the curve - delivering the perfect balance of security, flexibility, and user experience. With enhanced visibility and data loss prevention capabilities, organizations can confidently manage access for employees, contractors, and other third parties, even during M&A transitions. Ultimately, this partnership empowers enterprises to secure their critical resources and embrace the future of work with greater confidence and resilience.

Get started by reading more about Duo’s new security-first IAM solution or start using Duo as an identity broker or secondary identity provider. Simplify enrollment with Duo’s Single Sign-on integration with Chrome Enterprise and stop phishing attacks with the Cisco Device Trust Connector.

Looking to learn more about additional Cisco Security + Chrome Enterprise Recommended solutions?

Cisco Secure Access and Chrome Enterprise Solution Guide - This joint solution offers a secure way to access private web apps via the browser using Chrome Enterprise.

Splunk’s Chrome Enterprise Recommended Chrome Security & Reporting connector provides additional security insights.

Cisco Security for Chromebook — part of Cisco Umbrella and Cisco’s Security Service Edge (SSE) product family — provides DNS-layer security for the entire ChromeOS and secure web gateway (SWG) protection for the Chrome browser.