Duo Authentication

To use Duo multi-factor authentication (MFA), single sign-on (SSO), and the authenticator app for authentication in OpenIAM, configure it as described below.

Configuring the Duo account

  1. Sign up for a Duo account (https://signup.duo.com).
  2. Log in to the Duo Admin Panel and navigate to Applications (https://admin.duosecurity.com/).
  3. Click Protect an Application and locate the 2FA-only entry for Web SDK in the applications list.
  4. Click Protect to the far right to configure the application and get your Client ID, Client secret, and API hostname. You'll need this information to complete your setup. See Protecting Applications for more information about protecting applications in Duo and additional application options.
  5. Activate Universal Prompt for your 2FA Web SDK entry.

Universal prompt

Further instructions are available on the Duo website: https://duo.com/docs/oauthapi#first-steps.

Configuring OpenIAM

  1. Create a new authentication provider with DUO authentication provider type and fill in the required fields, as follows.

New auth provider

Fields to fill

  2. Set DUO authentication as the default authentication provider.

Default auth provider

  3. Use the default DUO authentication rule or create a new rule with the required authentication types.

Auth rule

Example

The following example shows how opening the About page works with DUO authentication.

  1. Select the required item in the menu.

Selecting item on the menu

  2. You are redirected to the DUO server, using the API hostname value.

API hostname

  3. Enter the code on your phone.

Phone code

  4. You are redirected back to OpenIAM, using the Redirect URI value from the Authentication provider page.
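
The two redirects in this example, sketched as an added illustration that is not OpenIAM's or Duo's own code, following the OIDC flow documented at the Duo link above: the request sent to the API hostname carries a JWT signed with the Client secret, and the return to the Redirect URI is accepted only if its `state` matches the one issued for the session. The credential values, the redirect URI and the function names are constructed placeholders.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders, not real Duo values (assumptions for this example).
API_HOSTNAME = "api-XXXXXXXX.duosecurity.com"
CLIENT_ID = "DIXXXXXXXXXXXXXXXXXX"
CLIENT_SECRET = "placeholder-client-secret"
REDIRECT_URI = "https://iam.example.com/duo-callback"  # hypothetical

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_jwt(claims, secret):
    """Compact JWT signed with HS512 (HMAC-SHA512) using the Client secret."""
    head = _b64(json.dumps({"alg": "HS512", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha512)
    return f"{head}.{body}.{_b64(mac.digest())}"

def build_authorize_url(username, now=None):
    """Redirect to Duo: return (url, state); keep state in the server-side session."""
    now = int(time.time()) if now is None else now
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    claims = {"response_type": "code", "scope": "openid",
              "client_id": CLIENT_ID, "iss": CLIENT_ID,
              "aud": f"https://{API_HOSTNAME}", "redirect_uri": REDIRECT_URI,
              "state": state, "duo_uname": username, "exp": now + 300}
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "request": sign_jwt(claims, CLIENT_SECRET)})
    return f"https://{API_HOSTNAME}/oauth/v1/authorize?{query}", state

def verify_callback(callback_url, session_state):
    """Return from Duo: give back the authorization code only for an acceptable callback."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the configured Redirect URI")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    if not session_state or not hmac.compare_digest(state.encode(), session_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    # Duo returns the code as "code" or "duo_code" depending on the request.
    code = params.get("code") or params.get("duo_code")
    if not code:
        raise ValueError("no authorization code in callback")
    return code[0]
```

The returned code still has to be exchanged server-side with Duo for the authentication result; that step is not shown here.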