Duo Security

Once Duo Security verification is enabled, users can use the six digit security codes generated by the Duo mobile app to prove their identity.

Note: Configuring the Auth API in Duo Security is optional. Auth API configuration is used to verify the user's enrollment with Duo Security. If Auth API is not configured, then on deleting a user's enrollment in Duo Security, it is mandatory to remove the user's enrollment in ADSelfService Plus too. If not, the user will be added back to Duo Security when it is used for authentication in ADSelfService Plus.

Prerequisite Steps

  1. Log in to your Duo Security account (e.g., https://admin-3d5d33c0.duosecurity.com), or sign up for a new one and log in.
  2. Go to Applications. Click Protect an Application.
  3. Search for Web SDK. Click Protect this Application.
  4. Copy Integration key, Secret key and API hostname.

Optional (only to be followed if configuring Auth API):

  1. Return to Applications and click Protect An Application again.
  2. Search for Auth API. Click Protect this Application.
  3. Copy Integration key and Secret key.

Optional (to be followed if configuring the Device Management Portal):

Note: The Device Management Portal enables users to add or remove Duo-registered devices from the self-service portal.
  1. Go to Applications > Protect an Application.
  2. Search for Device Management Portal. Click Protect.
  3. Copy Integration key and Secret key from the Details section.

Steps for Duo Security verification:

  1. Navigate to Configuration → Self-Service → Multi-factor Authentication → Authenticators Setup.
  2. From the Choose the Policy drop-down, select a policy.

    Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.

  3. Click Duo Security section.
  4. Under Web SDK, in the Integration key field, Enter the Integration Key copied in the Prerequisite step 4.
  5. In the Security key field, Enter the Secret Key copied in the Prerequisite Prerequisite step 4.
  6. In the API hostname field, Enter the API Hostname copied in the Prerequisite Prerequisite step 4.
  7. In the Username Pattern field, select the attributes whose combined value matches the corresponding Duo account name of the users.

Optional (only to be followed if configuring Auth API):

  1. Under Auth API, in the Integration key field, Enter the Integration Key copied in the Prerequisite Prerequisite step 7.
  2. In the Security key field, Enter the Secret Key copied in the Prerequisite Prerequisite step 7.

    Web SDK is used to integrate Duo Security as a multi-factor authenticator.
    Auth API is used to verify the enrollment status of the user with Duo Security.

    Duo Security

  3. Click Save.

Optional (to be followed if configuring the Device Management Portal):

  1. In the Device Management Portal, fill the Integration key and Secret key fields with the details copied in Prerequisites step 10.
  2. Click Save.

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
  •  
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2021, ZOHO Corp. All Rights Reserved.