Duo Security

Note: Duo Security is an Advanced Authenticator available as part of the Professional Edition of ADSelfService Plus.

If your organization uses Duo Security for two-factor authentication, it can be integrated with ADSelfService Plus to secure logins, applications and endpoints. Users can approve or deny these login requests using a push notification or by entering the six-digit security code generated by the Duo mobile app. Authentication via Duo Security can be configured in two ways in ADSelfService Plus: Web v2 SDK and Web v4 SDK.

Web v2 SDK uses a traditional Duo prompt which will be displayed in an iframe in ADSelfService Plus, whereas Web v4 SDK uses Duo's OIDC-based universal prompt with a redesigned UI that redirects users to Duo for authentication.

Note: Duo Security has phased out Web v2 SDK, so it is recommended to switch to Web v4 SDK, which features the new Universal Prompt.

Prerequisite Steps

Web v4 SDK configuration steps

Note: Web v4 SDK authentication requires a secure connection. Make sure that HTTPS is enabled in the product and in the Access URL.

  1. Log into your Duo Security account (e.g., https://********.duosecurity.com) or sign up for a new account and log in.
  2. Go to Applications and click Protect an Application.
  3. Search for Web SDK and click Protect.
  4. Copy the Client ID, Client secret, and API hostname values.
  5. From the ADSelfService Plus admin portal, navigate to Configuration > Multi-factor Authentication > Duo Security.
  6. Select Web v4 SDK for Integration Type.
  7. Paste the Client ID, Client secret, and API hostname obtained from the Duo Admin Panel in the respective fields.
  8. Enter the same username pattern used in Duo Security in the Username Pattern field.
  9. Click Save.

Configuring Auth API for Web v4 configurations of Duo Security

  1. If configuring Auth API, follow the steps under Configuring Auth API in Duo Security and obtain the Integration Key and Secret Key from the Duo Security portal.
  2. Under the Web v4 SDK configuration settings for Duo Security, click Advanced Settings to open the Auth API configuration settings.
  3. Paste the Integration Key and Secret Key into the relevant fields and click Save.

Configuring Device Management Portal settings for Web v4 configurations of Duo Security

The Duo Device Management Portal enables users to add or remove Duo-registered devices from the self-service portal. The Device Management Portal for Web v4 uses Duo's OIDC-based universal prompt with a redesigned UI that redirects users to Duo on a new tab. Here are the steps to configure the Duo Device Management portal:

  1. Log into Duo Security and go to Applications > Protect an Application.
  2. Search for Device Management Portal. Click Protect.
  3. Copy the Client ID and Client Secret from the Details section.
  4. Under the Web v4 SDK configuration settings for Duo Security, click Advanced Settings to open the Device Management Portal settings.
  5. Paste the Client ID and Client Secret into the relevant fields and click Save.

Web v2 SDK configuration steps

  1. Log in to your Duo Security account (e.g., https://********.duosecurity.com) or sign up for a new account and log in.
  2. Go to Applications and click Protect an Application.
  3. Search for Web SDK and click Protect.
  4. Copy the Integration key, Secret key, and API hostname values.
  5. In ADSelfService Plus, navigate to Configuration > Multi-factor Authentication > Duo Security.
  6. Select Web v2 SDK for Integration Type.
  7. Paste the Integration key, Secret key, and API hostname obtained from the Duo Admin Panel in the respective fields.
  8. Enter the same username pattern used in Duo Security in the Username Pattern field.
  9. Click Save.

Configuring Auth API for Web v2 configurations of Duo Security

  1. If configuring Auth API, follow the steps under Configuring Auth API in Duo Security and obtain the Integration Key and Secret Key from the Duo Security portal.
  2. Under the Web v2 SDK configuration settings for Duo Security, click Advanced Settings to open the Auth API configuration settings.
  3. Paste the Integration Key and Secret Key into the relevant fields and click Save.

Configuring Device Management Portal settings for Duo Security

The Device Management Portal enables users to add or remove Duo-registered devices from the self-service portal.

  1. Log into Duo Security and go to Applications > Protect an Application.
  2. Search for Device Management Portal. Click Protect.
  3. Copy the Integration key and Secret key from the Details section.
  4. Under the Web v2 SDK configuration settings for Duo Security, click Advanced Settings to open the Device Management Portal settings.
  5. Paste the Integration Key and Secret Key into the relevant fields and click Save.

Configuring Auth API in Duo Security

Configuring the Auth API in Duo Security is optional. The Auth API configuration is used to verify the user's enrollment with Duo Security. If Auth API is not configured and a user's enrollment is deleted in Duo Security, the user's enrollment must also be removed manually in ADSelfService Plus. Otherwise, the user will be added back to Duo Security when Duo is used for authentication in ADSelfService Plus.

Steps to be followed if configuring Auth API:

  1. Log in to the Duo Security portal.
  2. Navigate to Applications and click Protect an Application.
  3. Search for Auth API. Click Protect this Application.
  4. Copy the Integration key and Secret key.
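
What the enrollment check described in this section looks like at the Auth API level, as an added example (not ADSelfService Plus or Duo code): it signs a /auth/v2/preauth request with the Integration key and Secret key and interprets the result. It assumes Duo's documented Auth API request-signing scheme with HMAC-SHA1; the hostname, keys and username are constructed placeholders, and how ADSelfService Plus itself calls the API is not stated on this page.

```python
import base64
import email.utils
import hashlib
import hmac
import urllib.parse

# Constructed placeholders, not real credentials.
HOST = "api-xxxxxxxx.duosecurity.com"
IKEY = "DIXXXXXXXXXXXXXXXXXX"
SKEY = "0" * 40


def sign_request(method, host, path, params, ikey, skey, date=None):
    """Return the Date and Authorization headers for one Auth API call."""
    date = date or email.utils.formatdate()
    # Parameters are sorted by key and percent-encoded before signing.
    canon_params = "&".join(
        f"{urllib.parse.quote(k, '~')}={urllib.parse.quote(v, '~')}"
        for k, v in sorted(params.items())
    )
    canon = "\n".join([date, method.upper(), host.lower(), path, canon_params])
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    token = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {token}"}


def enrollment_state(preauth_body):
    """Map a parsed /auth/v2/preauth response to an enrollment decision."""
    if preauth_body.get("stat") != "OK":
        return "error"
    result = preauth_body.get("response", {}).get("result")
    # auth: enrolled and must authenticate; enroll: unknown to Duo or has no
    # device; allow/deny: Duo policy decides without prompting.
    return {"auth": "enrolled", "enroll": "not_enrolled",
            "allow": "bypass", "deny": "denied"}.get(result, "error")


if __name__ == "__main__":
    headers = sign_request("POST", HOST, "/auth/v2/preauth",
                           {"username": "jdoe"}, IKEY, SKEY)
    print(headers)  # send with the form-encoded parameters over HTTPS
    # Constructed response for a user whose Duo enrollment was deleted.
    sample = {"stat": "OK", "response": {"result": "enroll"}}
    print(enrollment_state(sample))
```

A "not_enrolled" result for a user who is still marked as enrolled in ADSelfService Plus is the stale state this section describes.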

Steps to migrate to the new Universal Prompt

  1. In the Duo Admin Panel, select the Web SDK application, which was previously configured for ADSelfService Plus, and copy the Integration key, Secret key and API hostname values.
  2. Scroll down to the Universal Prompt section. The App Update Ready message will be displayed, indicating that Universal Prompt can now be activated for ADSelfService Plus.
  3. In ADSelfService Plus, navigate to Configuration > Multi-factor Authentication > Duo Security.
  4. Click Web v4 SDK and paste the Integration key, Secret key, and API hostname values in the Client ID, Client Secret, and API Host name fields respectively.
  5. Once the Web v4 SDK is configured in ADSelfService Plus and a user authenticates through the frameless Duo v4 SDK, the App Update Ready message in Duo Admin Panel will be updated and the New Prompt Ready message will be displayed.
  6. Select Show new Universal Prompt to activate the universal prompt for ADSelfService Plus.

Copyright © 2024, ZOHO Corp. All Rights Reserved.