Reference Material | Duo Security

Configure Duo Security with Specops uReset

Configuring Duo Security with Specops uReset will extend Duo Security’s two-factor authentication system to Specops uReset users. The configuration must be completed from the same computer running the Gatekeeper.

Pre-requisites: The Owner, Administrator, or Application Manager Administrative Roles are required in Duo.

  1. Open the Specops uReset Administration tool, and select the License and Identity Services tab.
  2. In the list of Identity Services, find Duo Security, and click Configure. You will need the Integration key, Secret key, and API hostname to identify the uReset application to Duo.
  3. Log into the Duo Admin Panel.
  4. Click Applications in the left sidebar, then click Protect an Application.
  5. A page with a list of the different types of services that can be integrated with Duo will appear. Find Web SDK and click Protect this Application.
  6. The Details section will display the Integration key, Secret key, and API hostname. Copy the details into their corresponding field in the uReset Admin Tool.
  7. Click Test Connection to validate the settings, and click OK.
  8. Return to the Duo Admin Panel, and scroll down to the Settings > General Enter a name for the application, for example Specops uReset. This name will be displayed to users when authenticating with uReset using Duo Security.
  9. Configure the General Settings, Global Policy, or create a new policy, as you see fit.

Note: If Allow Access or Deny Access is enabled in the New User Policy setting, unenrolled users will not be permitted access to authenticate with Duo Security during a password reset.

Enable and configure Duo Security Policy Settings

  1. Open the Specops uReset Administration tool, and select Policies and Groups.
  2. Find the Policies row and select the policy you want to modify.
  3. Click Duo Security from the list of available Identity Services.
  4. The Duo username is stored on the samAccountName. If Duo Security is enabled in the policy, all affected users will be enrolled with Duo Security on Specops uReset. Enrollment with Duo Security is required before it can be used with Specops uReset.
  5. Click OK.

Administrator Enrollment

If Duo Security is enabled in the policy, all affected users will be enrolled with Duo Security on uReset. Enrollment with Duo Security is required before it can be used with uReset. Duo Security enrollment with uReset will:

  • Use samAccountName as the Duo Username.

Since the attribute will always contain the Duo username, users will always be enrolled with Duo Security on uReset. However, to authenticate to uReset using Duo Security, you will need to ensure that your users have a complete Duo enrollment.