Securing for third-party risk with Duo for identity management

Amidst a cacophony of news clamoring over AI-driven headlines, there’s an underlying need to secure and monitor the basics: Who are my users and what are they accessing? Unfortunately, the risk of unauthorized access only grows as “who” expands to include partners, agencies, suppliers, and contractors—each with their own set of identities, devices, and permissions.

The Challenge: Securing external identities

The Verizon 2025 Data Breach Investigations Report found that 30% of all breaches involved a third party, twice as many as the year before. This is echoed in Microsoft’s latest Digital Defense Report, which reports that about a third of attackers use simple methods to break in, often through trusted partners in your supply chain or online services.

Wherever these attacks originate in your supply chain, business continuity and data protection are imperative. That makes it essential for identity and access management (IAM) leaders to manage the risk that comes with granting suppliers, contractors, consultants, and even customers access to their company’s systems and data.

To proactively mitigate risk from external identities and prevent unauthorized access, Duo helps organizations adopt and extend zero trust identity security strategies to external users.

The Solution: Secure-by-default IAM for third-party identities

Duo’s flexible user directory capabilities and built-in phishing-resistant multi-factor authentication (MFA) make it easy to streamline identity and access management for internal and external identities—separately or together.

With a “security-first” approach to IAM, Duo gives businesses three powerful ways to manage third-party risk:

1. Brokering a parallel directory for external identities

Where do you store non-employee identities? For many organizations, it's a growing hassle to add third-party identities to their on-premises primary identity provider and then Saran-wrap them with MFA. The addition of Duo Directory equips admins to set up alternate directories so they can segment and securely manage external identities in parallel with, but distinct from, employee data.

Duo can broker authentications between multiple identity sources through new easy-to-configure routing rules. Now, the same strong security functionality, policies, and standards for internal employees can be applied to suppliers, vendors, and contractors. This grants administrators an essential level of visibility and traceability for external identities alongside their employees.

Previously, we didn’t have a clean way to add a contractor without doing the full cycle of creating Accounts [in Active Directory], so we typically didn’t do much contractor stuff. Now when we have a contractor that needs access, we just invite their existing email addresses into Duo Directory without having to create all those other sprawling identities.

Jason Waits

Chief Information Security Officer, Inductive Automation

2. Authenticating users and blocking risky, unmanaged devices

Strong identity security validates trust in devices as well as users themselves. That’s why every identity protected in Duo Directory comes with MFA, single sign-on (SSO), and device trust out of the box.

Duo’s industry-leading MFA supports a wide variety of authentication methods including phishing-resistant Proximity Verification, passwordless, tokens, SMS, and callbacks—along with the option to set up smarter risk-based authentication (RBA). Duo SSO streamlines logins and controls access with hundreds of premade integrations. This flexibility makes it easy to choose the ideal authentication method and level of access for every employee and trusted associate, regardless of identity source.

What's end-to-end phishing resistance with Duo? Get the infographic.

What about maintaining visibility into the health of risky, unmanaged devices? Automatically managing device trust enables administrators to set security policies for unmanaged devices and either block them or make sure they stay up to date and in compliance.

Duo Device Trust delivers strong security for third-party devices without the need for additional endpoint protection or mobile device management (MDM). Seamlessly enforce a device health check at every authentication attempt, and spot vulnerabilities like outdated operating system versions or jailbroken/rooted devices before they can be exploited. For more stringent policies, differentiate authentication between devices that are managed or unmanaged, and block all unknown devices that aren’t designated as “trusted.”

3. Streamlining identity management and saving administrative time

Administration of more identities is no easy feat.

Duo’s automated provisioning and deprovisioning make it easier than ever to set up and manage directories throughout the third-party identity lifecycle. IAM leaders can set granular access policies quickly using a single solution built for flexibility and admin usability, including built-in policy calculators and time-saving AI assistant queries. Creating custom user attributes can help with organization and ensure proper de-activation of permissions.

With Duo Directory, we can easily add attributes like ‘company’ and the organization a user belongs to within the company to their profile. Using Duo makes it easy to map users into groups and then map each group to specific roles for each vendor’s product.

Steve Fink

Principal Architect, Black Hat Security Operations Center

Duo streamlines management of cloud and on-premises apps, unifying identity management and security across various groups working remotely and onsite. Secure third-party users against remote attacks without having to ship out and manage hardware tokens.

Protect your extended identity ecosystem

Protect against unauthorized access to company data even when third-party vendors and suppliers get hacked. Duo delivers the industry’s most complete IAM solution for securing external identities with flexible, built-in identity directory capabilities complemented by industry-leading phishing-resistant MFA, SSO, and device trust. Secure identity by default, out of the box, for every user.

Read more about how Duo is Restoring Trust in Identity in our latest ebook or see how to set up security-first IAM on a bi-weekly Live Demo.