Kaseya Community

Using Duo for Two Factor Authentication

  • I am doing work for a client who uses the Kaseya Agent Monitoring Service website.  They already use DUO for their 2FA for other portals and would like to use DUO for the AMS website.  I'm new to Kaseya and am wondering if there are any how to guides on integrating third party 2FA or, for that matter, any admin guides at all that I could dig into?  I'm already aware of AuthAnvil (as is my client) and they aren't interested in pursing that at the moment.  Thanks in advance!

  • Did you ever discover how to do this?

  • Curious about this as well.  I really wish Kaseya supported SAML 2.0 Endpoint or SSO Endpoint redirects.

    What is everyone else using?

  • Doubt you'll ever see much support there since Kaseya purchased AuthAnvil.  There were some hooks in the code at one point that were obviously going to be for supporting some generic 2FA options, but then they bought AuthAnvil and nothing's been done on that front since then.   There is one article that talks about a way to use Okta with it, but I've not even looked into that.

    helpdesk.kaseya.com/.../115007822548-Okta-Integration-to-Kaseya

  • Thanks. I talked to our rep and was told that will be available in a future release but only for Authanvil, not sure about other 3rd party vendors.

    I was more curious what others were doing for user provisioning / integration as well as VSA portal access (proper SAML would let us lock this down).



    Edits
    [edited by: GDRBrian at 9:38 PM (GMT -8) on Mar 8, 2018]
  • AuthAnvil is available now as a solution to log into Kaseya, and you can purchase this as a cloud solution, so it is pretty painless to setup.

    While I have never setup Duo, I  was told that since Kaseya provides SAML support, they could use the SSO of Duo to log in.   Here is what I got:

    "We provide SAML support for any IdP for the VSA. If they wish to use Duo they need to buy the "Duo Beyond" ($9/user/month) and setup SSO. Then setup SSO for VSA... forcing them to log into Duo's IdP and enforce 2FA."

    Hope that helps!

  • Hey Chris,

    Where did you get that from?  Definately interested in the '...forcing them to log into Duo's ldP and enforce 2FA' part.  I can currently set up SAML with a 3rd part vendor but it doesn't force me to use that login as I can still browse to https://<vsa domain here> and log in.

  • ,  that came from a Kaseya Exec. I think the way ti works is that you configure the AuthAnvil section to "Enable Single Sign On to Kaseya", while this is under AA, it may be how it is enforced ( I really don't know, since we use AA), but I think technically any 3rd party idP could be used.   Keep in mind the Login name would probably have to be their email address, not sure how it would work if it wasn't?

  • My guess is that you'd basically adapt the instructions on the OKTA integration I linked to above...  Where it basically uses the AuthAnvil integration portion of the VSA, but doesn't actually require AuthAnvil to work.

  • Thanks , that was a very helpful article!   Now we just need a few brave souls to try it!

  • I have the Okta SAML integration set up and it works fine.  Only thing I would like is for it to redirect back to Okta if a user isn't logged in.  Currently it just drops you on the VSA login page.

  • I am going to put a bump on this.  Since the last issue with AuthAnvil and couple weeks ago, we are pretty much done with AutAnvil. Has anyone had any luck getting duo to work?