Skip navigation
Product & Engineering

What’s new for you: Duo is now identity and access management

Headshot of Scott Grebe, Sr. Product Marketing Manager
Scott Grebe
5 minute read

Blog writing provides a great opportunity to drop some pop culture references that help illustrate your points. For example, “Your identity is your most valuable possession. Protect it.” is a great line from the film, The Incredibles. It’s also very relevant to Duo customers. Duo’s long been a leader in defending against identity-based threats and securely managing access to critical assets. However, we’ve evolved into something more. Duo is now a security-first Identity and Access Management (IAM) solution. You may have seen our recent announcement.

Very cool! But what's in it for me?

This is exciting news for Duo customers. We know traditional IAM solutions are failing to protect against attacks that target users’ identities. They’ve become insecure, costly, and overly complex to implement. And attackers have gotten really good at stealing user credentials to the point where they can simply log in, not hack in. They’re also using AI to automate and accelerate their attacks. Clearly something had to change.

This became the driving force behind Duo IAM. As a Duo customer, you may be thinking, "This sounds really cool.” And like Kevin Costner’s character in the film Field of Dreams, you may be wondering, “What’s in it for me?” Let’s take a look.

Identity you can trust

As a security-first IAM solution, Duo integrates all the components needed to serve as the sole IAM platform, while operating as a unified defense layer across your existing identity infrastructure. With the announcement of Duo IAM, we’re launching impactful new capabilities to help organizations achieve security by default, and usability that people love. Within those capabilities are new features Duo customers can take advantage of in their identity stack. So, here’s what’s in it for you.

Security-first identity

At Duo, we take a security-first approach to IAM. This means we believe security should be a foundational component of an IAM solution, not an add-on. While Duo started out with MFA, over the years we’ve evolved by adding features like passwordless, SSO, and Device Trust. With the addition of our directory, we now have all the pieces to be a security-first IAM provider.

So what’s “new” new with this launch? That would be our Duo Directory functionality that enables Duo to be a full, or complementary, IAM solution. Here are some cool things Duo Directory can do:

  • User management — Duo can serve as your source of truth for managing identity directories, primary authentication, and user attributes.

  • Routing rules — Use Duo as a hub for authentication to route authentication requests between directories when you’ve got more than one.

  • Customer attributes — Go beyond the built-in attributes by creating and storing your own set of custom attributes to further define user identities.

  • Automated provisioning — Simplify user provisioning, changes, and deprovisioning to applications using direct API and SCIM (System for Cross-domain Identity Management) integrations.

  • AI Assistant — Duo’s out-of-the-box AI Assistant helps with all sorts of tasks like managing access, streamlining configuration, even speeding up user investigation when someone is stuck.

End-to-end phishing resistance

End-to-end phishing resistance means we protect your users from phishing attacks at every step of the identity lifecycle, starting with enrollment, to OS and application login, all the way to the help desk.

  • Proximity Verification — Prevent MFA bypass by verifying the authentication device (your mobile phone) and access device (your laptop) are in close physical proximity.

  • Session theft prevention — Guard against session hijacking by proactively removing session cookies and replacing them with a trusted signature Duo controls. That way there’s nothing for the attacker to steal.

  • Complete passwordless — A user never needs to have a password in Duo Directory. However, for uses cases still tied to passwords, we enable you to ditch passwords from attack points like the enrollment process and authentication fallback.

  • Identity Verification integration — Block social engineering attempts at the help desk from hackers pretending to be an employee in need of assistance by re-establishing trust via the use of a government ID.

Unified identity intelligence

Duo leverages identity intelligence to deliver deep visibility across your ecosystem, gathering identity insight and using AI to analyze that information. This ensures continuous monitoring, accelerates detection, and enables proactive responses to identity threats before, during, and after login.

  • User trust level — Dynamically assess user risk level by analyzing user behavior, context, and historical data across multiple identity sources—then seamlessly share this level to enrich relevant security tools and workflows.

World-class user experience

Delivering an exceptional experience for users and admins has always been a Duo tenet. It underpins everything we do, including the features we build like the ones I just mentioned. Our goal in delivering a delightful experience for everyone is to frustrate attackers, not users.

Duo Identity and Access Management

More features, more security, same price

These are exciting times for Duo customers. With Duo IAM, you get a full identity and access management solution that puts security first. You know what else is exciting? We’ve added almost all of the new features into our base edition, Duo Essentials, so they’re available to every Duo customer.

Not only that, we also haven’t changed our prices. That’s right. More features and more security for the same price. To quote Matt Damon’s character from the film The Martian: “Wow, this is amazing!” We hope you think so too.