With Duo Security you can use Multi-Factor Authentication (MFA) with your WordPress installation.

Duo provides its own WordPress plug-in, but this is incompatible with NADI. Instead, use the Duo Authentication Proxy.

Duo Authentication Proxy

The Duo Authentication Proxy sits between your WordPress installation and the connected Active Directory. Each authentication request from NADI is intercepted by the proxy, then asking for MFA credentials.

Install the Duo Authentication Proxy as described in their documentation.

After the installation, set up your NADI Environment configuration:

||Setting||Value|| |—|—| |Domain Controllers|IP of the host you have Duo Authentication Proxy installed to| |Port|636| |Use Encryption|LDAPS| |Allow self-signed certificates|probably Checked or configure x.509 certificates for LDAPS| |LDAP network timeout|60| |Base DN|Must match with your Duo Proxy’s search_dn attribute|

After NADI has been set up, you can try to log into WordPress with one of your Active Directory users. Duo-enabled users are now required to enter their additioanl MFA credentials.