DUO Multi-factor Authentication On-Prem Server

We’ve been implementing multi-factor authentication on our network using DUO. Our CIO keeps mentioning adding it to our App server. I understand from a security standpoint, wanting every server access to have that extra layer of security, but I think it’s going to break Epicor. The server is local only, cannot be accessed directly from outside of our network, though it may be accessed remotely through our gateway server which does have DUO already.

I’m concerned with A) Epicor clients on local machines not being able to access the sysconfig files, B) issues coming up with users being able to access the reports databases, and C) issues with the database owner/Epicor service accounts.

Has anyone been in this situation and can offer me some guidance?

We use Duo on our on-prem servers, including Epicor. Let me see if I can get you some info.

OK, got a little more info. It’s really nothing special. You’d install the Duo service on the machine and it prompts for MFA when you attempt to log in to the server.
It doesn’t affect all access to the server, but rather restricts access to log in to the server, if that makes sense.
From a security perspective this is good and helps with achieving more of a zero trust model. A bad actor with credentials to get into your network will still be challenged with those same creds to get into the server itself.
What it doesn’t do is prompt for MFA using things like Windows Explorer or other access protocols, so your machine will still function as it does, but it won’t let you log in without the MFA prompt.
It’s super fast and easy too. I’d highly recommend.

Got it, thank you very much! It was those other types of access that I was worried about!