Skip navigation

Strong Application Access Controls

With advanced application access policies, you can ensure only the most up-to-date and healthy devices can access your applications.

An image that shows an example of the applications that can be protected by Duo such as AWS, GSuite and Office365

Protect Every Application

By limiting access to applications, you can reduce your attack surface and exposure to vulnerabilities.

Ensure only trusted users and trusted devices can access your applications, no matter where they’re hosted - both on-premises and in the cloud - by defining and enforcing rules on who can access what applications.

Define Access Policies Per Application

By creating a custom policy and assigning it to specific applications, you can restrict access based on user location, network type and device type.

For example, you can deny access to your Microsoft RDP Server from any user located in countries you don’t do business in. Or, deny access from anonymous networks and rooted devices.

You can also associate certain user groups with a specific integration, allowing you to restrict access to certain applications based on their permission level. For example, only allow your engineering team to access your code repository via SSH, or only allow your sales team to access Salesforce.

image of a person on mobile device indicating what groups that person is permitted to access and use securely
image of a person on a mobile device showing they're using Duo but an error has been detected

Limit Software Access to Applications

We make it easy for you to block specific software running on your users’ devices from accessing your applications. Restrict access and require the latest versions of operating systems, browsers or plugins on a per-application level.

This is useful when administrators need to set the highest security thresholds for high-risk, critical applications, or where they want to limit the support of certain software platforms for security reasons, or to improve end-user experience.

For example, you might want to encourage employees to use new and up-to-date browsers like Microsoft Edge or Google Chrome in your organization. You can set a policy to block access to your VPN from older browsers like Internet Explorer, but still allow access from other browsers platforms.

Simple, Secure Access to Cloud and On-Premises Applications 

Give your users convenient and secure access to applications with Duo Single Sign-On, plus allow them to access all permitted apps. Users can also self-manage and self-enroll authentication devices through Duo Central.

Duo SSO allows you to easily protect access to the broadest range of cloud and on-premises apps including those built on  SAML 2.0 and OpenID Connect (OIDC) standards. Duo Central can be configured to provide each employee with the exact applications they need — all while allowing administrators to easily control security at the application level and ensure that only employees with the proper permissions can access sensitive information.

image of some of the organizations Duo integrates with
Cover of Five steps to perimeter less security eBook

Five Steps to Perimeter-Less Security: Adopting a Zero Trust Model for Secure Application Access

Get the free guide