External Authentication Method

Question

External Authentication Method

Marcos Correa 10

We currently have Cisco DUO as an External authentication method for testing. I have followed the steps from Cisco DUO and added the application needed and authorized the admin approval for the app to communicate.

I have successfully set up a new testing policy that does require MFA, and enabled 'RequireMFADUO'

When I attempt to access office.com, I do not receive the prompt to choose the external authentication method(DUO). However if I were to open the web browser in private mode, I do receive the Cisco Duo.

I have tried excluding myself from Microsoft Authenticator, and all other authentication, under Authentication Methods on Entra ID. I then made sure the Microsoft enrollment campaign was disabled and it appears to be disabled. I do not want to fully disable Microsoft authenticator as there are a few users who do use the app.

Overall question: Why am I not able to receive the external authentication method as an MFA option when I attempt to access office.com?

1 answer

Your answer

Answer 1

Goutam Pratti 6,170 Microsoft External Staff Moderator

Hello @Marcos Correa ,

Thank you for reaching out Microsoft Q&A.

I Understand you configured Cisco DUO as an External authentication method for testing but When you attempt to access office.com, you do not receive the prompt to choose the external authentication method(DUO). However if I were to open the web browser in private mode, I do receive the Cisco Duo.

Your regular browser session might be retaining some state or cookies that are causing it to default to Microsoft Authenticator instead of prompting for DUO. Clearing your browser cache and cookies might resolve the issue.

If you're still experiencing the issue after clearing your browser cache and cookies, you should revoke all MFA sessions for the affected user. This is because the previous MFA for the Microsoft authenticator may be cached in the claim, preventing the MFA prompt from appearing. Ensure that all MFA sessions are revoked and then try again.

For additional information and known limitations follow the document: https://duo.com/docs/microsoft-eam#create-the-duo-entra-id-application

If you have any further questions or need additional assistance, please don’t hesitate to reach out.

Marcos Correa 10 Reputation points

2025-02-14T20:18:10.1066667+00:00

Tried the steps provided. I cleared all cache and history data from the browser and revoke my MFA session, however I still do not get the prompt for DUO anywhere.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2025-02-17T11:30:16.4166667+00:00

Hi Marcos Correa ,

Thank you for your Response.

I understand that you are facing the issue for not getting the prompt for DUO anywhere as you mentioned "anywhere" are you not getting prompt in browser and inprivate(As you mentioned in the question it worked in Inprivate mode) both? Also can you share me the documentation that you have followed for the CISCO Duo Configuration for better trouble shooting the issue.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2025-02-18T09:40:09.3433333+00:00

Hello Marcos Correa ,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2025-02-19T07:51:12.01+00:00

Hello Marcos Correa ,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Share via

External Authentication Method

1 answer

Your answer