We use Cisco Secure Access to secure applications using MFA and support SSO access to improve user experience and security.
Pros
MFA
SSO
Device trust
Cons
Provisioning to cloud and on premise applications
Likelihood to Recommend
Duo provides high level of security and works well supporting MFA and SSO. Comparing to other solutions like Okta, it is missing capabilities like provisioning and user life cycle management capabilities.
Cisco Duo is being used to provide Multi-Factor Authentication for users who have administrative accounts to access our VPN. It will soon be deployed to general VPN users as well and eventually be required when logging into terminal servers. This allowed us to take one step further in our PCI compliance which required MFA for Privliged accounts. It takes its job a bit further by allowing us to geofence our users to ensure they are accessing their resources from know locations for instance within the united states. To sum it up it provides a layer of protection against external threats gaining access to our network by abusing our services that is a leap above our previous capabilities. Follow-up we have stayed with Cisco Duo and now have it deployed to all users, this lets me sleep at night!
Pros
Integrates with our other cisco products perfectly.
Allows Cisco support to provide setup and troubleshooting instead of having to bring multiple vendors into a situation where support is quick to point fingers.
Provides user information and reporting which allows us to gain knowledge about our users we can use in troubleshooting.
Authenticates with almost perfect certainty that the user who is requesting access to our systems is a valid user
Uses geofencing to stop the majority of hacking attempts from countries we have no business with.
Elevates the authenticity of our security measures to the executive team
Cisco Duo allows for the use of a landline for users who do not have a cell phone which provides coverage for any potential user even ones without cellular devices
Allows us to use Duo Mobile to also authenticate salesforce which is forcing MFA at the moment.
Cons
Other MFA products have a password manager function for an added fee that would be nice to have, though I believe Cisco Duo partnered with Last Pass to provide for now
Navigating Cisco Duos Support processes can be difficult, if you open a ticket in the wrong group you may end up having to reopen the ticket in the correct group.
Though no MFA does this it would be great to just take a company cell phone and Assign the MFA to SMS text that number, its kind of annoying to have to have the user "Enroll" if its a company owned device.
Likelihood to Recommend
Wherever the price of confirming authentication is a priority, we are not just protecting our network, we are protecting our users connection, we are protecting our employees data, we are protecting our company's stability, we are protecting our customers data, this all sums up to it has to be done right. If you had something less important you are configuring you may not be willing to go the extra length. Follow up: We are still using duo and will be using it for the foreseeable future. The reason, because once you have had your users enroll they quickly learn that its worth the extra step to get in.
