Skip to content
AWS Quick Start Team
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
templates Updated qs id Apr 19, 2019
LICENSE.txt Init project as a QuickStart project Jan 9, 2019
NOTICE.txt update readme Apr 18, 2019


Duo MFA for AWS Directory Service on AWS

This Quick Start automatically deploys Duo multi-factor authentication (MFA) for AWS Directory Service on the Amazon Web Services (AWS) Cloud in about 10 minutes. The Quick Start uses the Duo Authentication Proxy for AWS Directory Service to gain MFA functionality.

This Quick Start is for those who currently use or intend to use AWS Directory Service directory types such as AWS Directory Service for Microsoft Active Directory (also known as AWS Managed Microsoft AD) or Active Directory Connector (AD Connector), and who want to apply MFA in a highly available, secure implementation.

Duo MFA mitigates the threat of compromised credentials caused by phishing, malware, and other security threats, reducing risk while meeting compliance requirements for access security.

If you use a federation mechanism like AWS Single Sign-On (AWS SSO) or Active Directory Federation Services (AD FS) with a Directory Service option, you configure your own MFA. Using Duo MFA, you log in to the AWS Management Console, and then use Duo authentication methods including Duo Push through Duo Mobile, and your Active Directory credentials to authenticate to AWS.

Quick Start architecture for Duo MFA for AWS Directory Service on AWS

For architectural details, best practices, step-by-step instructions, and customization options, see the deployment guide.

To post feedback, submit feature ideas, or report bugs, use the Issues section of this GitHub repo.

If you'd like to submit code for this Quick Start, please review the AWS Quick Start Contributor's Kit.

You can’t perform that action at this time.