Duo
If your organization uses Duo for multi-factor authentication, it can be integrated with Identity360 to secure portal logins, applications, and endpoints. Through Web SDK v4 you can seamlessly integrate Duo's MFA capabilities with Identity360, redirecting users to Duo for authentication, while enabling users to leverage the Duo Mobile app and other authenticators configured in Duo for Identity360's MFA. Users can approve or deny these login requests using a push notification or by entering the six-digit security code generated by the Duo Mobile app.
Prerequisites
- To configure Web SDK, you need to have a valid Duo account. To know more about Duo plans that offer Web SDK feature, refer to this page.
- Add the Duo API hostname as a trusted site or intranet site on the users' machine if they are using older versions of Internet Explorer. Pop-ups and redirect permissions must be enabled for Identity360 in your browser settings for seamless redirection of the Duo Universal Prompt.
- When using Duo as an authenticator in Identity360, verify that the user's Status is set to Active Require multi-factor authentication (default) in the Duo admin portal to prevent users from skipping Duo verification during Identity360 MFA.
Web SDK v4 configuration steps
- Log into your Duo account (for example, https://********.duosecurity.com) or sign up for a new account and log in.
- Go to Applications and click Protect an Application.
- Search for Web SDK and click Protect.
- Copy the Client ID, Client Secret, and API Hostname values.
- From the Identity360 admin portal, navigate to Applications > Multi-factor Authentication > Duo.
- Under Web SDK v4 settings, paste the Client ID, Client Secret, and API Hostname obtained from the Duo Admin Panel in the respective fields.
- Click Save.
Auth API ensures that users' Duo enrollment status is synced with Identity360 while they enroll in the Identity360 user portal and when they are redirected to Duo for authentication.
Notes:
- The Auth API configuration is not mandatory, but we recommend setting it up.
- If Auth API is not configured, the admin must manually remove the user's enrollment in Identity360 because disenrolling a user in Duo will not sync the enrollment status with Identity360. Otherwise, the user will be re-enrolled in Duo if they attempt to authenticate via Duo during Identity360 login.
- Log in to the Duo portal.
- Navigate to Applications and click Protect an Application.
- Search for Auth API. Click Protect.
- Copy the Integration Key and Secret Key.
- In the Identity360 admin portal, under the Web SDK v4 configuration settings for Duo, click Advanced Settings to open Auth API configuration settings.
- Paste the Integration Key and Secret Key copied during step 4 in the relevant fields, and click Save.
The Duo Device Management Portal enables users to add or remove Duo-registered devices from the Identity360 user portal. Here are the steps to configure the Duo Device Management portal:
- Log into Duo and go to Applications > Protect an Application.
- Search for Device Management Portal. Click Protect.
- Copy the Client ID and Client Secret from the Details section.
- In the Identity360 admin portal, under the Web SDK v4 configuration settings for Duo, click Advanced Settings to open Device Management Portal settings.
- Paste the Client ID and Client Secret copied during step 3 in the relevant fields and click Save.
ADManager Plus
ADAudit Plus
ADSelfService Plus
Exchange Reporter Plus
M365 Manager Plus
Previous Topic