Duo Single Sign-On (SSO) Support for OpenID Connect Soon in GA, Enabling More Secure Access
At Duo Security, we’re on a mission to secure user access to applications while lightening the load on IT teams. So today, we are announcing that Duo Single Sign-On (SSO) support for OpenID Connect is going to be generally available, so that organizations that require users to use these applications can seamlessly and securely do so.
Though it’s currently in public preview, once OIDC support is in general availability this spring, we will support three grant types: OIDC Authorization Code, OAuth 2.0 Client Credentials and Authorization Code with PKCE, and add more over time. You can also expect to see more out-of-the-box SAML 2.0 application integrations and on-demand, self-service password resets.
Configure SSO for OpenID Connect (OIDC) applications for seamless, secure access
With applications becoming commonplace in the workplace including cloud and mobile apps, validating the identity of users trying to access those apps is critically important. Many of the applications organization use today have been developed based on the Security Assertion Markup Language (SAML) v2.0 authentication standard, but OpenID Connect (OIDC) is also becoming popular because it is ideal for use with mobile apps and single-page web apps.
Some of the applications we’ve seen customers protect so far include:
Epic’s Haiku, Canto, and Rover mobile apps
IBM Spectrum Virtualize
IFS Cloud Datto
“It is great to see the Duo Single Sign-On product mature over just a short period of time to meet Enterprise-scale deployments,” says Sarabjeet Rana, Enterprise Security Architect, Cisco, “Our team started rolling out cloud-based Duo Single Sign-On in 2021 and so far, we have over 1,000 application integrations in Production. We are migrating about 3,000 applications from our legacy IAM solution to this modern Duo SSO platform enabling our users to enjoy Passwordless authentication and Zero Trust borderless access to the applications.”
We are migrating about 3,000 applications from our legacy IAM solution to this modern Duo SSO platform enabling our users to enjoy Passwordless authentication and Zero Trust borderless access to the applications.
“We are also very excited to use the Duo SSO OpenID Connect capability which allows us to secure more applications on modern Duo SSO along with existing SAML 2.0 support," says Ankit Mittal, Information Security Technical Leader, "The simple and intuitive UI allows us to modernize web apps within a few minutes." Sarabjeet adds, "Plus, the Passwordless future is upon us, and Duo SSO capabilities have brought us closer to realizing that future.”
Easily configure SAML 2.0 applications that your users depend on
IT teams continue to tell us that they want to easily onboard applications to Duo SSO. Hence, we are extending the library of applications available out-of-the-box. We have added SSO connectors for the following enterprise cloud applications, with more coming soon:
Cisco Meraki Secure Client
Cisco Umbrella End User Logins
Enable users to reset expired Active Directory passwords to lighten the burden on IT teams
Currently, with Duo SSO we allow users to reset Active Directory (AD) passwords after they have expired. But in certain cases-- such as part of a password rotation requirement or an unexpected incident-- users want the option to proactively reset passwords.
Hence, we are soon adding two additional capabilities for AD password resets. The first is allowing the user to change their password if they know their existing one. The second is alerting the user if their password is set to expire in a certain number of days and giving them the option to reset it. In both cases, this new capability will both improve user productivity and reduce the number of IT helpdesk tickets associated with resetting passwords.
Expand protection with Duo SSO, now supporting OpenID Connect
Enable your users to access apps securely and help IT teams save time and money with Duo SSO. Sign up for a free 30-day trial today!
And while you’re at it, check out some of the other updates we’re making at Cisco Secure, including updates to Duo's enterprise readiness features.