With Duo Security you can use Multi-Factor Authentication (MFA) with your WordPress installation.

Duo provides its own WordPress plug-in, but this is incompatible with NADI. Instead, use the Duo Authentication Proxy.

Duo Authentication Proxy

The Duo Authentication Proxy sits between your WordPress installation and the connected Active Directory. Each authentication request from NADI is intercepted by the proxy, which then asks for MFA credentials.

Install the Duo Authentication Proxy as described in Duo's documentation.

After the installation, set up your NADI Environment configuration:

| Setting | Value |
|---|---|
| Domain Controllers | IP of the host on which the Duo Authentication Proxy is installed |
| Port | 636 |
| Use Encryption | LDAPS |
| Allow self-signed certificates | Probably checked, or configure X.509 certificates for LDAPS |
| LDAP network timeout | 60 |
| Base DN | Must match your Duo Proxy’s search_dn attribute |

After NADI has been set up, you can try to log into WordPress with one of your Active Directory users. Duo-enabled users are now required to enter their additional MFA credentials.
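
A pre-login consistency check between the NADI settings table above and the proxy configuration, as an added example that is not part of NADI or Duo. It assumes the proxy's `authproxy.cfg` has an `[ad_client]` section holding `search_dn` and an `[ldap_server_auto]` section with `ssl_port`, `ssl_cert_path` and `ssl_key_path` (verify these names against Duo's documentation); the function names, sample configuration and NADI values are constructed for illustration.

```python
import configparser

# Constructed sample authproxy.cfg; host, DN and file names are placeholders.
SAMPLE_CFG = """
[ad_client]
host=10.0.0.10
search_dn=DC=example,DC=com

[ldap_server_auto]
client=ad_client
ssl_port=636
ssl_cert_path=ldap_server.pem
ssl_key_path=ldap_server.key
"""

# Constructed NADI Environment settings mirroring the table above.
SAMPLE_NADI = {"port": 636, "encryption": "LDAPS",
               "base_dn": "dc=example, dc=com", "timeout": 60}


def norm_dn(dn):
    """Case- and whitespace-insensitive form of a simple DN (no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check(cfg_text, nadi):
    """Return a list of mismatches between NADI settings and the proxy config."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    ad, srv = cfg["ad_client"], cfg["ldap_server_auto"]
    problems = []
    if norm_dn(nadi["base_dn"]) != norm_dn(ad.get("search_dn", "")):
        problems.append("Base DN does not match search_dn")
    if nadi["encryption"] == "LDAPS":
        # An unset ssl_port is reported too, so the listener port is explicit.
        if str(nadi["port"]) != srv.get("ssl_port", ""):
            problems.append("NADI port differs from proxy ssl_port")
        if not (srv.get("ssl_cert_path") and srv.get("ssl_key_path")):
            problems.append("proxy has no certificate/key configured for LDAPS")
    if nadi["timeout"] < 60:
        problems.append("LDAP network timeout is below the 60 set in the table")
    return problems


if __name__ == "__main__":
    for line in check(SAMPLE_CFG, SAMPLE_NADI) or ["settings are consistent"]:
        print(line)
```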