Duo Security Integration
Overview
Identity Intelligence's platform can analyze authentication events in Duo Security to give insights into how users are accessing your applications and using MFA. In order to provide Insights, you have to set up an integration between Duo Security and Identity Intelligence for analysis. This document will walk you through the process of setting up API access to Duo and will also walk you through the complementary setup inside of the Identity Intelligence console.
Attention Duo Customers!! This documentation should only be utilized if you are configuring an additional Duo integration, after you have provisioned your Identity Intelligence tenant via the Duo Admin Panel. For instructions on how to provision your Identity Intelligence tenant, which includes an autogenerated Duo integration, via the Duo Admin Panel, please refer to the Duo documentation.
Duo Security Integration
Understanding Identity Intelligence admin API permissions
There are different types of API types of permissions sets that can be used with your Identity Intelligence tenant and Duo.
Read-only admin API - this is generated using a read-only permission (shown below) and used for data ingestion and analysis only.
Read/write admin API permissions - this adds the
Grant write resource
permission in order to take advantage of the defined list of Identity Intelligence's Remediation ActionsAuth API permissions - one of the Actions available for an individual user is to send a push notification to the user's Duo enrolled mobile device. The Duo Auth API requires a separate auth key, as outlined below.
Remediation actions can only be taken by administrator or help desk roles in Identity Intelligence and are limited to the list in the above article.
Identity Intelligence recommends configuring all of the APIs documented below for full functionality and the best experience.
Duo Admin API Configuration
To add the necessary configuration, you need to have admin access in Duo Security.
From the Duo admin console, select Applications.
Select Admin API. Note the integration key and API hostname.
For read-only functionality, the API Permissions required are:
Grant Administrators - Read
Grant read information
Grant read resource
For read/write capabilities associated with Identity Intelligence Remediation Actions, add the
Grant Write resource
to the list of permissionsGrant Administrators - Read AND Write
Grant read information
Grant read log
Grant read resource
Grant write resource
Click Save Changes.
Duo Auth API Configuration
A Duo Auth API key is required for the Send Push Notification functionality mentioned above.
In the Duo Admin panel, select Applications -> Protect Auth API.
Copy the Integration key and secret key for use in the Identity Intelligence platform configuration.
Scroll down and give the Auth API a name that will indicate to end users that the push is from your company.
Identity Intelligence Configuration
Navigate to Integrations -> New Integration -> Duo
Give the integration a display name.
Enter the API hostname, Integration key, and secret key into the Identity Intelligence console.
NOTE - the API hostname must not contain a prefix like https://
- it should only be of the form
api-xxxxxxx.duosecurity.com
Slide the button to enable Support Push Verification.
Enter the Auth API Integration Key and Secret Key.
On the Advanced Settings tab, review the Managed Integration info to ensure that you are collecting the relevant data types
Click Save.
Test Connectivity and Start Collection
On the Integrations page, click the bar for the new Duo integration and select Test Connectivity from the menu.
After testing successfully, click the Collect Now button to begin initial data collection immediately.
Event Streaming
Event streaming can only be configured for Duo integrations for Identity Intelligence that were provisioned from the Duo Admin Panel. Enabling the event streaming is done on Step 2 of the wizard while provisioning, or it can be done after provisioning by going back to Step 2 of the wizard.
If you are creating a second Duo integration in Identity Intelligence (in addition to the one autogenerated upon tenant creation), event streaming is not currently supported for additional Duo integrations.
Last updated