Skip navigation

Access Management

Access management is a set of tools and policy controls that ensure only the right users have access to applications and resources and under the right conditions. Access management tools like multi-factor authentication (MFA), passwordless authentication, and single sign-on (SSO) verify user identities and enforce role-based access. These tools protect critical resources from stolen credentials and unauthorized access that can lead to ransomware attacks and data breaches.

Download guide Download Trusted Access Report

A person looking at their mobile device and receiving a notification on the device confirming that they are the person logging in.

What are access management tools?

Effective access management tools allow administrators to easily verify users’ identities, create granular context-aware policies, and enable productivity with frictionless access to corporate access.

A  check mark in a circle.

MFA and passwordless authentication

A critical component of access management, multi-factor authentication (MFA) verifies a user’s identity at login using two or more authentication factors. Admins can set up phishing-resistant MFA or passwordless authentication to verify users via FIDO 2 security keys, a smartphone app, biometrics, or other methods.

Discover Duo MFA

Adaptive policies

Adaptive access policies change the level of trust based on contextual data about the user or device requesting access. Administrators can control access to applications and networks by setting granular policies based on dynamic factors like role, device trust, risk, location, and more.

Explore Duo’s adaptive policies

image of 4 squares

Single sign-on (SSO)

Single sign-on is an access management tool that provides users with an easy and consistent login experience for every application. With SSO, users don’t need to remember or enter multiple login credentials.

See our Duo SSO solution

image of a mobile device

Device trust

Device trust tools deliver visibility into devices, assess their security posture, and continuously verify device trust to allow or block access based on access policies. 

Learn how device trust works

Shows people communicating thru connected devices that have been successfully authenticated.

How does access management improve security?

  • Manage user and device access
    Access management solutions let administrators tailor user roles, permissions, and access levels. Crucially, it allows the creation of security policies that control user and device access to applications and resources. Robust solutions like Duo offer context-aware policies based on role, device health, location, and other dynamic factors.
  • Authenticate and authorize
    Access management tools like MFA, passwordless, and SSO authenticate users’ identities using a variety of methods like security tokens, fingerprint scans, or mobile applications. Duo's risk-based authentication further assesses threat signals at each login, adjusting security requirements in real time. Policy-based factors like user role, device health, and permissions determine what resources they are authorized to access.
  • Prevent unauthorized access
    MFA, SSO, and passwordless tools streamline users’ access to what they need while blocking unauthorized users. Duo’s access management solution delivers visibility across all users and devices in your environment to enforce dynamic authentication policies and thwart attackers.

Components of an effective access management strategy

The number 1.

Strong MFA, passwordless, and SSO

MFA, passwordless authentication, and SSO are key access management tools to reduce your risk of unauthorized data access and streamline a secure login experience for users. The simplicity of SSO complements MFA to deliver multi-layered security and consistent policy enforcement across your environment.


The number 2.

Granular and adaptive access policies

For zero trust security, enforce a least-privilege access model, allowing only trusted users and their devices access to essential applications under secure conditions. A strong solution allows admins to craft granular policies that authorize users and devices based on dynamic factors like behavior, device health, location, and more.


  • Duo user access policies
    Set global or application-specific policies for specific user groups, customize the authentication method experience, and monitor for anomalous access attempts.

    User access policies are available in all Duo editions, with advanced options in Duo Advantage and Duo Premier.
  • Duo device access policies
    Grant access to trusted and healthy, up-to-date devices with enhanced endpoint visibility and granular device access permissions.

    Device access policies are available in all Duo editions, with advanced options in Duo Access and Duo Premier.
  • Duo adaptive authentication
    Restrict access based on risk factors that could change between login attempts, like device status, user location, or network type, using Duo’s adaptive policy engine.

    Adaptive authentication features are available in all Duo editions, with advanced options in Duo Advantage and Duo Premier.

The number 3.

Device visibility and trust

Gain visibility into all devices accessing your resources. With insight into every connected device (both on-premise and remote), you’re able to enforce policies that grant access to only healthy, up-to-date, and compliant devices.



  • Duo device visibility
    Spot at-risk devices before they become a problem with behavior and attribute data on every endpoint that logs into your applications.

    Device Visibility is available in all Duo editions.
  • Duo device health
    Verify the security posture of laptop and desktop devices before allowing a user access to a Duo-protected application.

    Device Health is available in Duo Advantage and Duo Premier.
  • Duo trusted endpoints
    Manage trusted device policies for laptops, desktops, and mobile devices—both corporate-owned and personal—to grant secure access to your organization’s assets.

    Duo’s Trusted Endpoints is available in Duo Premier edition.

The number 4.

Easy user experience

Managing user and device access doesn’t have to be complicated. An effective solution is seamless and simple for admin and users alike, from implementation to daily use. A user-friendly system encourages adoption, driving down your risk profile.


  • Duo risk-based authentication
    Duo delivers dynamic security at each login attempt, evaluating potential threat signals and adjusting security requirements in real time.

    Duo Risk-Based Authentication is available in Duo Advantage and Duo Premier editions.
  • Duo mobile app
    Our MFA and two-factor authentication (2FA) app makes securing access to your company data convenient for users with Verified Duo Push. Everybody wins—except attackers.

    Duo Mobile is available in all Duo editions.

The number 5.

Comprehensive coverage

Secure today’s distributed workforce with an access management solution that supports public and private applications in the cloud and on-premises, various endpoints (corporate, BYOD, Windows, MacOS, iOS, and Android), and all types of users (employees, third parties, or contractors)—no matter where they are.


  • Duo secure remote access
    Secure remote access empowers your hybrid workforce with safe connections to applications and resources, for any user, anywhere.

    Remote access is available in Duo Premier edition.
  • Duo device trust
    Duo’s complete device visibility identifies risky devices and reports on device health, allowing or blocking access based on contextual policies.
    Duo Device Trust is available in all Duo editions, with advanced options in Duo Advantage and Duo Premier.
  • Duo multi-factor authentication (MFA)
    Tailor your identity management system to meet your unique security needs with our range of authentication methods—including Duo Push, SMS and passcodes, biometrics, and WebAuthn.

    Duo MFA is available in all Duo editions.

The number 6.

Early threat detection

Access management solutions must go beyond just controlling access. Duo helps detect suspicious activity and stop breaches before they happen. Use behavioral analytics to monitor your users’ unique access patterns and flag potential unauthorized access attempts for remediation.


  • Duo trust monitor
    Monitor baseline access behavior and get alerts for anomalous activity, like logins from unusual locations or access to a sensitive application.

    Duo Trust Monitor is available in Duo Advantage and Duo Premier editions.

Related topics

a picture of a fingerprint

Passwordless authentication

Hackers can’t steal a password if there’s no password to steal. Passwordless authentication is becoming a viable and attractive way to reduce credential theft.

Learn more about passwordless authentication 

image of a checkmark.

Secure remote access

Secure users’ access to corporate resources and applications, no matter where they connect from.

Learn more about Duo’s secure remote access

three check marks and lines

Adaptive access policies

Assigning access permissions by application ensures that your most critical resources are also your most protected.

Learn more about Duo’s adaptive access policies 

Frequently asked questions

What is the role of access management?

The purpose of access management is to control and monitor user access to resources so that only trusted individuals and their devices can access specific data and systems. It safeguards against breaches, maintains the availability and integrity of data, and helps meet regulatory compliance standards.

How does Duo enforce the principle of least privilege access?

Duo enforces least privilege access to applications, data, and resources using granular access controls. Admins set role-based access policies to control users' access to specific apps, when they can connect, where they can connect from, and more. Your business is better protected from security breaches by limiting access to only what users need to perform their role.

What is passwordless authentication?

Passwordless authentication uses identity verification methods like biometrics and security keys, eliminating the need for passwords. It simplifies the user experience, alleviates admin workload, and defends the enterprise by voiding password-related security risks.

How does risk-based authentication work?

Risk-based authentication with Duo starts by evaluating risk signals at each login attempt, such as user location and device health. Duo then dynamically responds, categorizing the situation as high-trust or low-trust based on threat patterns and contextual risks. Depending on the risk level, Duo adjusts login requirements, either simplifying access or prompting for stronger authentication methods. This adaptive approach helps keep attackers out and secure trusted users.

Cover of The Access Management Buyer's Guide by Cisco Duo eBook cover eBook

Access Management Buyer’s Guide

Download the guide