AAD条件访问和DUO [英] AAD conditional access and DUO

问题描述

早上好：

我也是Azure和DUO的新手。我已根据此视频配置了Azure AD的条件访问以使用DUO MFA：

https://www.youtube.com/watch?v=eIP__C1NXho

到目前为止一切正常，唯一的问题是我需要向客户我做了什么，Azure和Duo之间的沟通对我来说几乎是透明的。在Conditional Access配置中有一个Json文件，它使用OpenID
Connect，但我不明白在Azure和DUO之间交换了哪些信息。

这是json我在Azure中看到：

<预类=" prettyprint"风格= ""> {
"姓名" ;:"朵安全" ;,
"的AppId" ;:" XXXXXXXXXXXXXXX" ;,
"客户端Id" ;:" yyyyyyyyyyyyyyyyyyyyyyy" ;,
" DiscoveryUrl" ;:" HTTPS：//eu-west.azureauth.duosecurity.com/.well-known/openid-configuration" ;，
"控制与QUOT ;: [
{
"标识" ;:" RequireDuoMfa" ;,
"姓名" ;:" RequireDuoMfa" ;,
" ; ClaimsRequested"：[
{
" Type"：" DuoMfa"，
" Value"：&qu OT; MfaDone" ;,
"值" ;:空
}
]，
"权利要求" ;:空
}
]
}

解决方案

嗨马科斯，

此图表很有用。  < a href ="https://duo.com/docs/azure-ca#network-diagram"> https://duo.com/docs/azure-ca#network-diagram

您可以直接从Azure将用户信息导入DUO。
https://duo.com/docs/azuresync

身份验证据我所知，使用Azure AD以正常方式工作，凭据将通过两者传递。 

这个问题可能会更好地传递给DUO团队，因为我们不这样做有详细的设置信息。

Good morning all:

I am new with Azure and DUO as well. I have configured the Conditional Access of the Azure AD to use the DUO MFA according with this video:

https://www.youtube.com/watch?v=eIP__C1NXho

Everything is working fine so far, the only thing is that I need to explain to the customer what I did, and the communication between Azure and Duo seems almost transparent to me. In the Conditional Access configuration there is a Json file, that uses OpenID Connect, but I don't understand which information is exchanged between Azure and DUO.

This is the json I see in Azure:

{
  "Name": "Duo Security",
  "AppId": "xxxxxxxxxxxxxxx",
  "ClientId": "yyyyyyyyyyyyyyyyyyyyyyy",
  "DiscoveryUrl": "https://eu-west.azureauth.duosecurity.com/.well-known/openid-configuration",
  "Controls": [
    {
      "Id": "RequireDuoMfa",
      "Name": "RequireDuoMfa",
      "ClaimsRequested": [
        {
          "Type": "DuoMfa",
          "Value": "MfaDone",
          "Values": null
        }
      ],
      "Claims": null
    }
  ]
}

解决方案

Hi Marcos,

This diagram is helpful. https://duo.com/docs/azure-ca#network-diagram

You can import user information directly from Azure into DUO. https://duo.com/docs/azuresync

The authentication as far as I know works in the normal way with Azure AD and the credentials would be passed through both. 

This question might be better passed to the DUO team though since we do not have detailed information of their setup.

这篇关于AAD条件访问和DUO的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！