0 votes

Good Day,

I'm currently reviewing an issue where the Adaxes Self-Service option is not functioning when our new 2FA software Duo (https://duo.com/) is also installed.

Basically, as I understand it, both pieces of software use the Winlogon and GINA to function, but I'm not sure how they conflict with each other and was hoping to have some light shed on the situation to at least give me an idea on how to address this issue.

I have also reached out to the vendor of the other program, but was curious if any assistance could be provided.

To outline the issue clearly: I have the console portion properly configured; the issue is at the client level, in that they no longer have access to the link on the login page to access the Adaxes webpage to change their password/unlock their account.

I have tested with the Duo software uninstalled, and it worked again; however, this is not an option as we want both to function as intended.


1 Answer

0 votes
Best answer

Hello,

Adaxes Self-Service Client installs an additional Logon Provider on a user's computer. Then it is up to Windows to select which providers to display, and which of them will be available by default. When you install the Duo client, does Adaxes Self-Service Client disappear completely from the Logon Screen, or can you access it via Sign-In Options? If it is present, try selecting the client and see if it sticks as the default one.

If Adaxes client disappears completely, most probably, the Duo client disables it, for example, using a method described in this Technet Library Article or similar to it. Try checking the Logon Provider-related registry keys mentioned in the article or contact Duo Support for further assistance.
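As an added example (not part of the original answer and not code from Adaxes or Duo), the registry check suggested above can be done with a read-only PowerShell inventory of the credential providers and credential provider filters registered on a client. It assumes the standard Windows registration locations; the thread gives no CLSIDs for either product, so entries are identified by their name and DLL path.

```powershell
# Added example: read-only inventory of logon (credential) providers and filters.
# Run in an elevated PowerShell session on an affected client.
$authRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'

function Get-LogonProviderEntry {
    param(
        [Parameter(Mandatory)][string]$SubKey,   # 'Credential Providers' or 'Credential Provider Filters'
        [Parameter(Mandatory)][string]$Kind
    )
    Get-ChildItem -Path (Join-Path $authRoot $SubKey) -ErrorAction SilentlyContinue |
        ForEach-Object {
            $clsid = $_.PSChildName
            $props = Get-ItemProperty -Path $_.PSPath
            # The COM registration names the DLL that implements this entry,
            # which identifies the vendor when the friendly name is blank.
            $com = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Kind     = $Kind
                Name     = $props.'(default)'
                Clsid    = $clsid
                Disabled = ($props.Disabled -eq 1)   # per-provider "Disabled" DWORD
                Dll      = $com.'(default)'
            }
        }
}

# The "Exclude credential providers" policy stores a comma-separated CLSID list.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$excluded = @()
if ($policy.ExcludedCredentialProviders) {
    $excluded = $policy.ExcludedCredentialProviders -split ',' | ForEach-Object { $_.Trim() }
}

$entries = @(Get-LogonProviderEntry -SubKey 'Credential Providers' -Kind 'Provider') +
           @(Get-LogonProviderEntry -SubKey 'Credential Provider Filters' -Kind 'Filter')

$entries |
    Select-Object Kind, Name, Clsid, Disabled,
        @{ Name = 'ExcludedByPolicy'; Expression = { $excluded -contains $_.Clsid } }, Dll |
    Sort-Object Kind, Name |
    Format-Table -AutoSize -Wrap
```

A credential provider filter hides other providers in code at logon time, so a filtered provider can still show `Disabled = False` and `ExcludedByPolicy = False`. In that case a vendor entry of kind `Filter` in the output is the indication to raise with that vendor's support.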

0

Hi,

Thanks for the info, so as it stands both your product and Duo provide different Logon Provider key entries. While the article mentions disabling a key to get the other to work, we'd like to have both working. Do you know of any articles or references on how I might merge or at least allow both to function on a machine?

0

Hello,

There is no need to disable any of the providers. The article was cited simply as an example of how Duo might filter our Self-Service Client if it doesn't appear on the Logon Screen at all.

Both the Logon Providers can coexist together on the same computer, however we don't see any possibility to use both at the same time. So, users will need to click the Sign-in options link and select either the Duo provider or Adaxes Self-Service Client.

0

Good Afternoon,

I've been asked to re-review this particular request. I understand the previous suggestion and that it would be a valid resolution, however due to security concerns we do not want users selecting one option or the other, but to be forced to select Duo as the provider.

I was curious if there has been any headway in addressing concerns with 2FA providers, as this would greatly increase the worth of the software for us, and also keep our security in check.

Regards.

0

Hello,

> I've been asked to re-review this particular request. I understand the previous suggestion and that it would be a valid resolution, however due to security concerns we do not want users selecting one option or the other, but to be forced to select Duo as the provider.

In this case, you can simply remove Adaxes Self-Service Client and Duo will be the only option.

> I was curious if there has been any headway in addressing concerns with 2FA providers, as this would greatly increase the worth of the software for us, and also keep our security in check.

Yes, starting with version 2019.1, which should be released next week, Adaxes will support SAML 2.0 Single Sign On.

0

Hello,

Adaxes 2019.1 which supports SAML single sign on is now available. You can download it here.

What's New | Upgrade Instructions

For information on how to enable SAML authentication in Adaxes Web Interface and configure your identity provider to communicate with Adaxes, have a look at the following tutorial: https://www.adaxes.com/tutorials_WebInt ... SignOn.htm.

0

Hello,

Thanks for the update. I've recently updated to 2019.1, but after re-reading the patch notes I just wanted to verify the following:

The support for Duo comes in allowing us to use that piece of software to provide an extra layer of security on the portal site, but does not resolve the conflict the Adaxes self-service client has with Duo on the main login screen? This is where our main issue lies and I was curious if I missed something.

0

Hello,

Yes, that is correct, the behaviour of the Adaxes Self-Service Client did not change.

0

Is there any plan to fix this issue? We are required to run DUO as MFA and would love to use this product.

0

Hello,

We are looking into possible solutions for this behaviour. However, there are still no exact details on the matter. As an option, you can also check with Duo support if they added a possibility to allow third-party software alongside.
