This idea has been merged into another idea. To comment or vote on this idea, please visit BRS-I-172 Tighter LDAP Integration.
We can currently access our network 2 ways: Cisco VPN with Duo (using RADIUS) as advanced authentication, and Bomgar using Duo for advanced authentication. We would like to transition to using Duo with Active Directory instead of RADIUS to manage our Windows accounts so that we can expire passwords within 90 days, as is required by CJIS security policy, but there is a software limitation with Bomgar. We cannot force password changes upon connection using Bomgar with Duo. Since Bomgar is one of the few remote software packages that are FIPS 140-2 compliant and allowed to be used by law enforcement nationwide, I think it's important that Bomgar contain all features that allow for CJIS security policy to be met with ease. As of now, if we set passwords to expire every 90 days in AD, as required by CJIS policy, passwords just expire and the user is locked out, forcing an admin to go into AD and fix the issue manually. Bomgar should warn the user so many days in advance: "Hey, your domain password is going to expire, you need to update it". Many places use Bomgar as the only means to access servers and do not allow RDP.