Mac-1Password Popup Window for Duo 2FA process is not a valid browser.

swatson
swatson
Community Member
in Mac

Our Duo global policy does not allow for unknown browsers to be used for the 2FA process so when the 2FA from Duo pops up on a Mac it fails:

We also are moving to SSO. The recommended set up includes restricting access to the SSO process via hostnames/IP addresses:

https://duo.com/docs/protecting-applications#restrict-hostnames

How can we address with the 1Password set up (both browser and hostnames/IP address)? We won't be doing the SCIM in the near future so want to make sure we have a solve.

Thanks

Stuart

1Password Version: 7.1.2
Extension Version: 4.7.3
OS Version: 10.13.6
Sync Type: Duo 2FA Process
Referrer: forum-search:duo browser

Comments

  • rickfillion
    rickfillion

    Hi @swatson,

    Unfortunately that policy won't be compatible with 1Password and they'll need to make sure that it doesn't apply to 1Password. While 1Password could probably try to pretend to be a "compatible browser," I don't see that as a legitimate solution.

    Regarding the hostname restriction, I believe that adding *.1password.com as a value there will do what you're looking for. Note that this would only work for the apps that are using the Duo WebSDK extension which is our Mac, iOS, Android, and Web apps. If you're using 1Password for Windows or our command-line tool then it's likely that SSO won't work at all there.

    Rick

  • swatson
    swatson
    Community Member

    Rick,

    We will look at how to handle with a unique policy for the 1password app for the browser situation as well as evaluate the SSO situation b/c windows will be part of the mix.

    Thanks

    Stuart

  • Ben
    Ben

    Sounds good. Please let us know if there is further assistance that we can provide. Thanks.

    Ben

This discussion has been closed.