Connection to Active Directory
The connection from Duo to our Active Directoy sits on tl-az-it-Mon01.
The program that the set-up is on is "Duo Authentication Proxy Manager". This will let you know if the service is running. This service should always be running in order for users to log in. Good first place to look if log in issues occur.
Duo's side of the configuration.
You can find this by logging into duo as an administrator.
Under Single Sign-On -> Active Directory (Status should be "Connected to Duo")
Also check Sing Sign on -> Authentication Proxy (Status should be "Connected to Duo")
If the connection is not connected, you may need to "Generate Command" to run on Mon01. After running the command, run the test to make sure the connection is good.
Active Directory User Configuration
For a user to be able to use Duo and log into Citrix Workspace 2 settings are neeed
1. User needs to be a member of Duo Users (Can check this by looking at the "Member Of" tab within properties of the user)
2. In the "General" tab for the user profile, the Email Address needs to be added to the "E-Mail" field.
Citrix Workspace Setting
To enable Duo's authentication, a setting within Citrix Cloud will need to be made.
This setting can be found under: Workspace Configuration -> Authentication -> SAML 2.0
FOR EMERGENCYS
If Duo issues occur, the backup for authentication is Active Directory. This will remove Duo from the picture and rely on Active Directory for the login (No 2FA).
You can find this within Citrix Cloud -> Workspace Configuration - > Authentication