Anyone else using DUO on Chrome and get this new Chrome "bug" to allow DUO to access devices on the local network?
I put together a teeny Config Profile to allow local network access to duo security. I’m told it will work with other Chrome extensions, such as Okta Fastpas as well.
Here’s what the Plist preview looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=“1.0">
<dict>
<key>LocalNetworkAccessRestrictionsEnabled</key>
<true/>
<key>LocalNetworkAccessAllowedForUrls</key>
<array>
<string>[*.]duosecurity.com</string>
</array>
</dict>
</plist>
Note: DO NOT neglect those box brackets if you’re using a wildcard.
- Create a new Configuration Profile in Jamf,
- Name it and apply Site and Categories as desired.
- Leave the settings to install on Computer Level and to Install Automatically
- Scroll down to Application and Custom Settings, select External Applications and add a new one
- Source is Jamf Repository
- Preference Domain is com.google.Chrome.
- There is only one Version and Variant, so choose them from the pop-up list(s)
- Add the properties from the xml above: “LocalNetworkAccessRestrictionsEnabled” is boolean - true
- “LocalNetworkAccessAllowedForUrls” is an array of string(s).
- The strings are (obviously) the URLs your Chrome extension is trying to access. In the case of DUO Security it’s “[*.]duosecurity.com”.
- For Okta Fastpass: “https://atko.okta.com”, “https://[*.]okta.com”, “https://login.yourdomain.com”, “https://[*.]yourdomain.com” (Note the box brackets - very important.)
- Save, Scope, and Rejoice!
Note: I haven’t tested the FastPass URLs, but their instructions are very similar to DUO’s. I’m thinking you probably don’t need the https protocol, but YMMV.
https://help.duo.com/s/article/9470?language=en_US
