Migrating from Duo to Microsoft Authenticator + Can we integrate with Azure AD via SAML Auth
We currently have DUO configured as our 1Pass MFA, we're moving away from DUO and are going to be utilizing the Microsoft Authenticator as our new MFA which I understand is compatible with 1Pass.
My first question is, are we able to slowly migrate people's MFA's from DUO to Microsoft Authenticator or do we need to switch DUO off in 1Pass first before we can then enable the other MFA app. My worry is that period between enabling the MFA app where we don't have any 2 factor authentication as we would need to wait for user's to enable the new platform.
My second question links into the first really, if we do need to switch DUO off to enable Microsoft Authenticator, can we force this upon people as we really don't want users to just continue their day not enabling MFA or is this something only they can control?
Lastly I have read some old community posts around SAML not being a feature, I just wanted to get an update on this if possible. We're going to be utilizing Azure AD and will be linking many of our cloud apps via SAML auth and in the future SSO, are we able to do any of this with 1Pass or will we still need to have a separate authentication point at 1Pass? I know about the SCIM bridge which is handy for provisioning and decommissioning but this is more about day to day usage.
1Password Version: 7.6.785
Extension Version: 1.22.3
OS Version: Windows 10 and Multiple Mac Platforms
Sync Type: Not Provided
Referrer: forum-search:mfa replace duo
Comments
-
Hi, @OllieV27! Apologies for our delay, but I'd be happy to help out with these questions. :smile:
My first question is, are we able to slowly migrate people's MFA's from DUO to Microsoft Authenticator or do we need to switch DUO off in 1Pass first before we can then enable the other MFA app.
When it comes to Duo, it can only be disabled for an entire team all at once. There isn’t a way to perform a slow migration away from Duo to our built-in two factor authentication option, I’m afraid.
My second question links into the first really, if we do need to switch DUO off to enable Microsoft Authenticator, can we force this upon people as we really don't want users to just continue their day not enabling MFA or is this something only they can control?
For 1Password Business customers, enforcing two-factor authentication is possible thanks to Advanced Protection features.
About 1Password Advanced Protection
Just to note: if you happen to use 1Password Teams, two-factor authentication cannot be enforced across the board.
Lastly I have read some old community posts around SAML not being a feature, I just wanted to get an update on this if possible. We're going to be utilizing Azure AD and will be linking many of our cloud apps via SAML auth and in the future SSO, are we able to do any of this with 1Pass or will we still need to have a separate authentication point at 1Pass?
When it comes to signing into 1Password accounts, SAML isn’t something that we support for security reasons. 1Password accounts require both a Secret Key and Master Password in order decrypt and access the data within, and this isn’t compatible with SAML authentication or SSO.
If there's anything else I can assist you with, just let me know. :+1:
0 -
Hi
Thanks for your response that answers it all perfectly, one last question if I may? If we're using 1Password Teams and we disable Duo, is there a way for us to tell if someone has enabled 2FA? can we generate a report of sorts as we want to make sure people are turning this on?
If not the next logical step would be to upgrade to Business i'm assuming?
Thanks,
Ollie0 -
@OllieV27, great question!
The type of report that you're referring to is also a unique feature for 1Password Business customers, as a team report would allow you to see whether or not members within an account had two-factor authentication enabled.
Create a team report
If you're currently using 1Password Teams but would like to consider upgrading to Business, please have someone in the owner's group for your account reach out to us at business@1password.com. Just include a link to this conversation, and we'd be happy to get you in touch with someone from our Sales team to see what options are available for your team. :smile:
0