
Duo Security Integration



Oort’s platform can analyze authentication events in Duo Security to give insights into how users are accessing your applications and using MFA. To provide these insights, you must set up an integration between Duo Security and Oort. This document walks you through setting up API access to Duo and the complementary setup inside the Oort console.

Understanding Oort admin API permissions

There are different types of API permission sets that can be used with your Oort tenant and Duo.
  • Read-only admin API - this is generated using read-only permissions (shown below) and is used for data ingestion and analysis only.
  • Read/write admin API permissions - this adds the Grant write resource permission in order to take advantage of the defined list of Oort Remediation Actions.
  • Auth API permissions - one of the Actions available for an individual user is to send a push notification to the user's Duo-enrolled mobile device. The Duo Auth API requires a separate auth key, as outlined below.
Remediation actions can only be taken by administrator or help desk roles in Oort and are limited to the list in the above article.

Duo Admin API Configuration

To add the necessary configuration, you need to have admin access in Duo Security.
From the Duo admin console, select Applications.
Select Admin API.
Note the integration key and API hostname.
For read-only functionality, the API Permissions required are:
For read/write capabilities associated with Oort Remediation Actions, add the Grant Write resource to the list of permissions.
Click Save Changes.

Oort Configuration

Enter the API hostname, integration key, and secret key into the Oort console under Integrations -> New Integration -> Duo.
Click Save.
On the Integrations page, click the bar for the new Duo integration and select Test Connectivity from the menu.
After testing successfully, click the Collect Now button to begin initial data collection immediately.
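
To confirm the integration key, secret key and API hostname independently of the console's Test Connectivity button, the following added example (not part of Oort's or Duo's own code) builds one signed, read-only Admin API request for recent authentication events. The signing scheme (HMAC-SHA1 over date, method, host, path and sorted parameters, sent as HTTP Basic auth) and the log endpoint path are assumptions taken from Duo's public Admin API documentation, and the DUO_IKEY, DUO_SKEY and DUO_HOST variable names are hypothetical.

```python
import base64, email.utils, hashlib, hmac, os, time
import urllib.error, urllib.parse, urllib.request

LOG_PATH = "/admin/v2/logs/authentication"  # assumed read-only endpoint for the check

def canonical_request(date, method, host, path, params):
    """Return (string_to_sign, query): date, METHOD, host, path, sorted encoded params."""
    query = "&".join(
        f"{urllib.parse.quote(k, '~')}={urllib.parse.quote(str(v), '~')}"
        for k, v in sorted(params.items()))
    return "\n".join([date, method.upper(), host.lower(), path, query]), query

def sign(ikey, skey, host, method, path, params, date=None):
    """Build the Date and Basic Authorization headers for one request."""
    date = date or email.utils.formatdate()
    canon, query = canonical_request(date, method, host, path, params)
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    token = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {token}"}, query

def build_log_check(ikey, skey, host, now_ms, date=None):
    """GET for at most one authentication event from the last hour."""
    params = {"mintime": now_ms - 3_600_000, "maxtime": now_ms, "limit": 1}
    headers, query = sign(ikey, skey, host, "GET", LOG_PATH, params, date)
    return urllib.request.Request(f"https://{host}{LOG_PATH}?{query}", headers=headers)

if __name__ == "__main__":
    # Hypothetical variable names; keep the secret key out of source and shell history.
    req = build_log_check(os.environ["DUO_IKEY"], os.environ["DUO_SKEY"],
                          os.environ["DUO_HOST"], int(time.time() * 1000))
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            print("OK", resp.status)   # keys accepted and the read call allowed
    except urllib.error.HTTPError as err:
        # Non-2xx: recheck the keys, hostname, system clock and granted permissions.
        print("FAILED", err.code)
```

Run it with the three values from the Duo Admin API page exported as environment variables; the request only reads data, so it is safe to use against a read-only permission set.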