Mac-1Password Popup Window for Duo 2FA process is not a valid browser.
Our Duo global policy does not allow for unknown browsers to be used for the 2FA process so when the 2FA from Duo pops up on a Mac it fails:
We also are moving to SSO. The recommended set up includes restricting access to the SSO process via hostnames/IP addresses:
https://duo.com/docs/protecting-applications#restrict-hostnames
How can we address with the 1Password set up (both browser and hostnames/IP address)? We won't be doing the SCIM in the near future so want to make sure we have a solve.
Thanks
Stuart
1Password Version: 7.1.2
Extension Version: 4.7.3
OS Version: 10.13.6
Sync Type: Duo 2FA Process
Referrer: forum-search:duo browser
Comments
-
Hi @swatson,
Unfortunately that policy won't be compatible with 1Password and they'll need to make sure that it doesn't apply to 1Password. While 1Password could probably try to pretend to be a "compatible browser," I don't see that as a legitimate solution.
Regarding the hostname restriction, I believe that adding
*.1password.comas a value there will do what you're looking for. Note that this would only work for the apps that are using the Duo WebSDK extension which is our Mac, iOS, Android, and Web apps. If you're using 1Password for Windows or our command-line tool then it's likely that SSO won't work at all there.Rick
0 -
Rick,
We will look at how to handle with a unique policy for the 1password app for the browser situation as well as evaluate the SSO situation b/c windows will be part of the mix.
Thanks
Stuart
0 -
Sounds good. Please let us know if there is further assistance that we can provide. Thanks.
Ben
0
