This article has been indexed from The Duo Blog
When I open my laptop for the first time in the morning, one of the first things I check is my email. As a Duo team member, and as part of the greater Cisco organization, I am one of more than 258 million monthly active subscribers of Microsoft 365. Because this service is integral to the working lives of our customers and ourselves, we wanted to ensure that you can easily yet securely access your emails, documents, and presentations from any device and any location.
That’s why we’re happy to share that Duo now offers a Microsoft 365 application for Duo Single Sign-On (Duo SSO), allowing you to federate your Microsoft 365 domains with Duo SSO.
Where We Started: Duo Access Gateway, 2015
In 2015 we introduced the Duo Access Gateway (DAG), which used SAML 2.0 to authenticate users into Office 365 (now Microsoft 365). Next, we added support for legacy authentication protocols (Basic Authentication).
Since its inception, nearly half of all customers using the DAG consistently leverage it for at least Microsoft 365 — both for Modern and Basic Authentication. Many customers even use the DAG exclusively to protect Microsoft 365!
For these customers, the many pain points of maintaining an on-premises SSO offering — configuring servers, managing certificates, configuring high-availability, making sure everything is kept up-to-date — increasingly consume more time and resources that could be used to solve and improve other IT issues. That’s a lot of overhead for a single, albeit business-critical, application.
Building a Better Solution
Because the metrics we observed with the DAG are not trivial by any means, and we’d begun work on our hosted Duo Single Sign-On (SSO) offering, we knew that we had to deliver the best experience possible for Microsoft 365, for administrators as well as users.
Keeping that in mind, we worked hand-in-hand with Microsoft to design, build, and validate according to their best practices by using WS-Federation, WS-Trust and WS-MetadataExchange, instead of SAML 2.0.
This allows us to fully support a wider range of modern and legacy authentication workflows, Now Available: Microsoft 365 Application for Duo Single Sign-On