Home
Play books
Cisco Duo - Add user to group

Cisco Duo - Add user to group

Entities: User, IP Log type: Cisco Duo

In this page

Playbook Description

This playbook investigates and adds users to groups by analyzing user behavior, checking group membership, and taking appropriate actions to manage user access.

Playbook input type

Alert

Prerequisites

Cisco Duo configuration - Need to connect Cisco Duo using HMAC connection with Integration and secret key.

Dependencies

Extensions - Cisco Duo

ciscoduo_createGroup
ciscoduo_modifyUser
ciscoduo_getGroupMembers
ciscoduo_retrieveGroups

Utility functions:

utility_convertToString
utility_filterAndMatchEvents
utility_extractFieldFromList

Connections

Cisco Duo connection - Need to connect Cisco Duo using Integration Key, Secret Key and API Hostname.

Execution workflow

Investigation:

Retrieve all groups.
Checks if playbook policy group exists.
Checks whether group exists.
Creates a new group.
Updates the user.

Execution Workflow — Figure: Execution workflow of the playbook

Post execution procedure

Verify that the user was successfully added to the correct group in Cisco Duo.
Confirm that the group policy restrictions are active and properly enforced.
Review the user's access permissions to ensure appropriate least-privilege alignment.
Monitor the user's authentication activity for any anomalies after group assignment.
Document the group membership change for audit and compliance purposes.

Awards & recognition

ManageEngine named in 2025 Gartner MQ for SIEM Gartner Peer Insights Customers' choice for SIEM

Editor's choice

8th time in the MQ in 2025

Major player in 2024

Integrated cloud security Innovator

Technical excellence in SIEM

Market leader most innovative