Announcing New Duo & F5 BIG-IP Access Policy Management Integration
Duo Security and F5 have been long time partners and we share hundreds of joint customers. So, we’re excited to announce that customers can now easily deploy Duo with F5 BIG-AP Access Policy Management (APM) and take advantage of all the new Duo Universal Prompt goodness.
We encourage customers to update to the latest integration as it will provide a better, more customizable authentication experience for your end-users while incorporating features to enhance your organizations’ security posture such as the ability to identify and block risky devices when access is attempted.
An integration designed for security and simplicity
In the past, Duo and F5 customers have been able to utilize our joint solutions with RADIUS as the underlying authentication protocol. Once configured, this integration allowed end-users to flexibly connect via a browser that displayed our older, “Traditional Duo Prompt”, using the BIG-IP Edge Client, or using Append Mode.
We have moved away from the iframe as the mechanism that delivers our browser-based prompt. Instead, we now have a new redirect-based authentication flow built on OpenID Connect (OIDC) standards that allows us to serve the prompt on a Duo-hosted page, moving it out of the application (e.g. iframe). This is opposed to our traditional iFrame-based integration, where the Duo Prompt content was embedded as an iFrame into the application hosting the login page.
Our partnership with F5 and joint integration bring organizations and users a seamless zero trust approach for anywhere, anytime, application and resource access. The F5 team was instrumental in helping us build our latest WebSDK based on OIDC standards that supports our new Universal Prompt, providing stronger, modern security and lets an organization customize the authentication prompt with their company branding.
“With the growing need to enable zero trust access across hybrid environments our users are deploying, we recognized that collaborating with Duo to provide stronger, integrated security creates a solid business outcome with real-world benefits for all our joint customers.” – Pat Campbell, Sr. Strategic Business Development Manager at F5, Inc.
Why OIDC?
OIDC is a newer authentication protocol built on OAuth 2.0, which mainly deals with authorizing access requests. Although newer, its growth has been exponential, with over 1 billion OpenID-enabled accounts within the first year of being available! Compared to the oldies but goodies - RADIUS, LDAP, and SAML - OIDC has played a more prominent role in the consumer market in popular applications where user experience is the bread and butter of their business. But a shift is coming to the enterprise as user-friendliness and its ease to implement continue to tip the scale.
When finding comparisons to OIDC, Security Assertion Markup Language (SAML) is often mentioned in the same conversation. So what’s the difference? Think of it this way: If a hot, caffeinated beverage is our end goal, SAML would be coffee beans while OIDC would be the instant granules. Simply put, OIDC is often easier to implement, manage, scale and use.
Key Features of the Duo and F5 BIG-IP APM integration
When deployed together, Duo and F5 BIG-IP APM help organizations attain zero trust protection for their workforce and resources. This means that users can expect:
Seamless zero trust experience: Ensure secure zero trust application access to all apps for all users
Intuitive Authentication: No need for end users to use append mode to choose their authentication factor
Less friction: Removes potential client based embedded browser issues
Localization support: In addition to English, French, and German, our expanding language support list now includes Spanish and Japanese, with many more to come. Your browser’s language settings determine the language shown in the prompt.
Want to set this up? Use our detailed guide to help you get set up!
Eager to learn more about this exciting development?
If you would like to learn more about this new integration or any other ways that Duo works with F5, you also have the opportunity to learn more in person at the upcoming RSA Conference and Cisco Live!
Catch us at RSA Conference, June 6-9, 2022 in San Francisco. F5 will be in Booth 5771 in Moscone North Expo. Duo Security has a spot in the in Booth S-1027 and 1127 in the Cisco Zero Trust Village, South Expo.
Then, we’ll be at Cisco Live, June 12-16, 2022 in Las Vegas. You can find Duo Security in the Cisco Zero Trust Village, while F5 will be in book 940.
Additional resources
Cisco Duo and F5 BIG-APM: Partners for Anywhere, Anytime Zero Trust Access (solution overview for CISOs and IT administrators)
F5 APM Configuration to Support Duo MFA using iRule (for IT administrators)
F5 BIG-IP APM with OIDC Web Prompt (for IT administrators)
Universal Prompt Update Progress report (for IT administrators)
Duo blog series on the Universal Prompt Project (for CISOs, IT administrators, and security-minded humans)