I'm not sure if there's a way to restrict that or not, so that's where i'm currently stuck. 'To allow help desk users to enable per user MFA via Multi-factor Authentication Portal, you need to assign both directory roles mentioned below: Authentication Policy Administrator: This role will allow access to Multi-factor Authentication Portal but wont allow enabling/disabling per-user MFA. In order for that to be adequate though, I then need to be able to prevent RSAT connections to Active Directory.
Click the Add New Sync button and select Active Directory from the list. Locate Users in the left side bar and then click Directory Sync on the submenu or click the Directory Sync link on the 'Users' page. What I think the only viable solution would be is to set up MFA for access to any Domain Controller in the domain. To start setting up a user directory sync: Log in to the Duo Admin Panel. I'm not aware of a way to set up any MFA for admin access to Active Directory itself, but I'm all ears if someone knows of a way.
Multi-factor authentication is required for the following, including such access provided to 3rd party service providers:Īll internal & remote admin access to directory services (active directory, LDAP, etc.).
I have received a "cyber security attestation" document from a major insurance provider and must be able to say yes to all of the items on it as a baseline to receive a policy. I've run into a puzzler and I'm hoping someone can give me a tip on how to solve this.
0 kommentar(er)
