← Back to Recipes

How to extend Duo SSO to legacy applications

Add passwordless multi-factor authentication to any app — even if it doesn’t speak modern protocols.

Read the docsTry this in Maverics
  • Make the most of Duo SSO and protect any legacy app without coding
  • Launch in minutes with zero app changes and no downtime
  • Secure all apps with strong authentication without disrupting the user experience
Ingredients
MFA Duo SSO Non-standard App

Use Duo SSO anywhere and everywhere

Recipe details

See how simple it really is.

Setup details

Just add your ingredients and deploy.

Setup details

Just add your ingredients and deploy.

What the user sees

App users don’t care what MFA or authentication tool you use to make sure they are who they say they are — they care that it works. Use Identity Orchestration to deliver smooth consistency.

  • Familiar login. Users head to the same screen and start the app authentication flow with their usual log-in details.
  • Invisible redirection. Behind the scenes, Maverics evaluates the app policy in config and, after the user logs in, directs the user to Duo SSO.
  • Quick, simple authentication. The user gets authenticated by the modern IDP or AD as usual. After login, Duo SSO triggers an additional authentication based on the user’s preferences. Everything in the app looks the same as before.

What the admin does

Using passwordless MFA to secure identity is essential for multi-cloud enterprises. Identity Orchestration makes adding Duo SSO everywhere easy — even if you’re dealing with legacy apps.

  • Prepare your work surface. Define the upstream application and the port Maverics will use to communicate with the app.
  • Set the rules. Define the basic policy that enforces authentication to Duo SSO and define how Maverics will provide context to the upstream application.
  • Configure. Set Maverics up as an authentication gateway and give it the right permissions to direct users correctly.

Solve more modernization challenges with ready-to-deploy recipes

Identity Continuity
Active Directory (AD)
Okta
Failover from Okta to on-prem Active Directory (AD)

Keep your critical apps accessible. Use Identity Continuity to allow key users to securely authenticate locally with Keycloak if Microsoft Entra ID ever becomes unavailable.

Identity Continuity
Okta
Entra ID (Azure AD)
Failover from Okta to Microsoft Entra ID

Don’t let Okta take you offline. Use Identity Continuity to allow users to securely authenticate to critical apps with Microsoft Entra ID anytime Okta is unavailable.

Identity Continuity
Keycloak
Entra ID (Azure AD)
Failover from Microsoft Entra ID to on-prem Keycloak

Keep your critical apps accessible. Use Identity Continuity to allow key users to securely authenticate locally with Keycloak if Microsoft Entra ID ever becomes unavailable.

View all recipes

Ready to cook up your perfect identity modernization solution?

Stop juggling disparate identity services. Unleash the power of Strata’s orchestration recipes.
Whether you’re dealing with legacy app modernization or controlling multi-cloud access, Orchestration Recipes have got you covered.

Read the docsTry this in Maverics