![]() ![]() See additional Authentication Proxy performance recommendations in the Duo Authentication Proxy Reference. We recommend a system with at least 1 CPU, 200 MB disk space, and 4 GB RAM (although 1 GB RAM is usually sufficient). The Duo Authentication Proxy can be installed on a physical or virtual host. If you will reuse an existing Duo Authentication Proxy server for this new application, you can skip the install steps and go to Configure the Proxy. Don't share it with unauthorized individuals or email it to anyone under any circumstances! Install the Duo Authentication Proxy Secure it as you would any sensitive credential. The security of your Duo application is tied to the security of your secret key (skey). See Protecting Applications for more information about protecting applications in Duo and additional application options. You'll need this information to complete your setup. Click Protect to the far-right to configure the application and get your integration key, secret key, and API hostname. Log in to the Duo Admin Panel and navigate to Applications.Ĭlick Protect an Application and locate the entry for RADIUS in the applications list.It is highly recommended that you assign a fixed private IP to your Authentication Proxy machine, as the WorkSpaces MFA configuration contacts the RADIUS server by IP address. The proxy supports Windows and Linux systems (in particular, we recommend Windows Server 2012 R2 or later, Red Hat Enterprise Linux 6, CentOS 6, Debian 6, or Amazon Linux 2015.03 or later). Before proceeding, you should locate (or set up) a system on which you will install the Duo Authentication Proxy. ![]() ![]() To integrate Duo with Amazon WorkSpaces, you will need to install a Duo RADIUS authentication proxy service on one or more EC2 instances in an AWS VPC, or on one or more machines in an on-premises environment. See Duo Knowledge Base article 7546 for additional guidance. If your organization requires IP-based rules, please review Duo Knowledge Base article 1337.Įffective June 30, 2023, Duo will no longer accept TLS 1.0 or 1.1 connections or support insecure TLS/SSL cipher suites. This application communicates with Duo's service on SSL TCP port 443.įirewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. ![]()
0 Comments
Leave a Reply. |