# Duo Security ## Overview Identity Intelligence's platform can analyze authentication events in Duo Security to give insights into how users are accessing your applications and using MFA. In order to provide Insights, you have to set up an integration between Duo Security and Identity Intelligence for analysis. This document will walk you through the process of setting up API access to Duo and will also walk you through the complementary setup inside of the Identity Intelligence console. {% hint style="info" %} **Attention Duo Customers!!**\ This documentation should only be utilized if you are configuring an ***additional*** Duo integration, ***after*** you have provisioned your Identity Intelligence tenant via the Duo Admin Panel.\ \ For instructions on how to provision your Identity Intelligence tenant, which includes an autogenerated Duo integration, via the Duo Admin Panel, please refer to the [Duo documentation](https://duo.com/docs/identity-security#provision-your-cisco-identity-intelligence-tenant). {% endhint %} ## Duo Security Integration ### Understanding Identity Intelligence admin API permissions There are different types of API types of permissions sets that can be used with your Identity Intelligence tenant and Duo. * **Read-only admin API** - this is generated using a read-only permission (shown below) and used for data ingestion and analysis only. * **Read/write admin API permissions** - this adds the `Grant write resource` permission in order to take advantage of the defined list of Identity Intelligence's [Remediation Actions](https://docs.oort.io/understanding-your-users/remediation-actions#remediation-actions) * **Auth API permissions** - one of the Actions available for an individual user is to send a push notification to the user's Duo enrolled mobile device. The Duo Auth API requires a separate auth key, as outlined below. Remediation actions can only be taken by administrator or help desk roles in Identity Intelligence and are limited to the list in the above article. **Identity Intelligence recommends configuring all of the APIs documented below for full functionality and the best experience.** ### Duo Admin API Configuration You need to have admin access in Duo Security to add the necessary configurations using the following steps: 1. From the Duo admin console, select **Applications** 2. In the top right corner, select **Protect an Application** 3. Search for **Admin API** and select **Protect** 4. Add the necessary API Permissions For **read-only** functionality, the API Permissions required are: * **Grant Administrators** - Read * **Grant read information** * **Grant read resource** * **Grant read log** For **read/write capabilities** associated with [Identity Intelligence Remediation Actions](https://app.gitbook.com/o/5tZLGpRcYwxbRurPmO8K/s/qPSBzsjxd7KYg9DNVZ4l/~/changes/741/~/revisions/Xpoo573yjfaCcB37daHm/understanding-your-users/remediation-actions), add the `Grant Write resource` to the list of permissions * **Grant Administrators** - Read AND Write * **Grant read information** * **Grant read log** * **Grant read resource** * **Grant write resource** 5. Select **Save Changes** ### Duo Auth API Configuration A Duo Auth API key is required for the Send Push Notification functionality mentioned above. In the Duo Admin panel\ 1\. Select **Applications** and then select **Protect Auth API**

2. Copy the Integration key and secret key for use in the Identity Intelligence platform configuration 3. Scroll down and give the Auth API a name that will indicate to end users that the push is from your company

### Identity Intelligence Configuration Follow the steps below to connect additional Duo integrations, other than the integration that was automatically created via Duo. Navigate to **Integrations -> New Integration -> Duo** Give the integration a display **name**. Enter the **API hostname, Integration key, and secret key** into the Identity Intelligence console. **NOTE** - the API hostname must not contain a prefix like `https://` - it should only be of the form\ `api-xxxxxxx.duosecurity.com` ![](https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FyLLZfBlDb8udE8Ck8dSI%2FDDuEKPychC1cwBFS1rO_oaK5mxJPTDhKhEe6uvJ6dKm416pcggHac98MmWv2Lx0zIy6G6XOFzGV4J1f6DvlJdfZwiOsW39h4ijV28XyMdIgbXkqWVy4WRTNxSRsyMqmaWtU1P4c2CaYugf1M4BBsqw.png?alt=media\&token=b465f242-55f8-424d-bb66-44743a321b9c) Slide the button to enable Support Push Verification. Enter the **Auth API**** Integration Key** and **Secret Key.**

On the Advanced Settings tab, review the [Managed Integration](https://docs.oort.io/integrations/managed-integrations) info to ensure that you are collecting the relevant data types Click **Save**. ### Test Connectivity and Start Collection On the Integrations page, click the bar for the new Duo integration and select **Test Connectivity** from the menu. ![](https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2Fct07AvyCol1SWqUIZFvv%2FQ-OG0IqawzgTYrbgIz8f0FiAyso5v8JtsEnLfKGsaAJgsVHuRhA34Nj39brDulaVaEZU4Qt3thS4NzWMi_MTJ3MakEzHDF1WQ5p7suvLNIWDCi1d-qXz1rPpNWwkeFGfxfcOwNLJeWc6nRLwFmGaEk4.png?alt=media\&token=81f5093a-9420-43c7-ac53-2292899ef0b2) After testing successfully, click the **Collect Now** button to begin initial data collection immediately. ### Event Streaming Event streaming can only be configured for Duo integrations for Identity Intelligence that were provisioned from the Duo Admin Panel. Enabling the event streaming is done on Step 2 of the wizard while provisioning, or it can be done after provisioning by going back to Step 2 of the wizard. If you are creating a *second* Duo integration in Identity Intelligence (in addition to the one autogenerated upon tenant creation), event streaming is not currently supported for additional Duo integrations.