Forum Discussion
Solved
What is the recommendation about security measurement for logging from different IP addresses
Hi all, I have a question about MFA. When the managed devices travel to a different location, should we prompt for MFA? What is the best practice these days? I know it varies at different orga...
Slee6004 I suggest you check again with the DUO team as I remember there are some tweaks to perform from the Duo portal to prevent such behavior. I used to implement Duo with MFA long time ago and we added the sign in frequency from CA side and we define some similar settings from DUO side as well. hope this will help.
Thank you, eliekarkafy for your feedback. As you suggested, we have trsuted location configured and block all countries except the one we are located. But with DUO MFA as the custom control, it prompts all the time even though users don't require it. It's all due to one of our CA policies (all apps from all users at all locations except trusted ones require DUO MFA. There is nothing wrong with it except extra MFA prompts cause MFA fatigue. These extra prompts are the one our security team has more concerns than devices have changed location so is willing to not prompt for location changes. This concept is different from what I have learned about security practices so just wanted to have some suggestions from the community.
Thanks again for your information. Appreciate it!
Sally
Thanks again for your information. Appreciate it!
Sally
Slee6004 I suggest you check again with the DUO team as I remember there are some tweaks to perform from the Duo portal to prevent such behavior. I used to implement Duo with MFA long time ago and we added the sign in frequency from CA side and we define some similar settings from DUO side as well. hope this will help.
- Wow, that's really helpful! We will check with DUO and see if they can offer some help. Really appreciate your sharing experiences with us. Thank you once again!!!!