Duo Security

Configuring Duo Security with Specops Authentication for uResetSecure Service DeskKey RecoveryAuthentication for O365 will extend Duo Security’s two-factor authentication system to uReset users.

Configuring Duo Security with Web SDK

NOTE
Web SDK is only available to customers who started using Duo Security prior to the 8.15 release of Specops Authentication. Customers who start using Duo Security from 8.15 onwards must use Auth API (see below) to configure Duo Security.

Pre-requisites: The Owner, Administrator, or Application Manager Administrative Roles are required in Duo Security.

  1. Log in to the Specops Authentication Web: https://login.specopssoft.com/authentication/admin
  2. Select Identity Services in the left sidebar navigation, then select Duo Security.
  3. Select Enable, then in the pop-up select Enable again. This will make the service available for use in Specops services.
  4. Log into the Duo Security Admin Panel.

    Alt text for this image
  5. Select Applications in the left sidebar navigation, then select Protect an Application.
  6. The next page shows a list of the different types of services that can be integrated with Duo Security. In the list, find Web SDK and select Protect this application.
  7. Set a policy for the application by using an existing one or creating a new one.
    NOTE
    the New User Policy setting should be set to Require enrollment. Allow access without 2FA will allow users to bypass Duo Security without authenticating. Deny access will block users from authenticating with Duo Security.
    NOTE
    the Group Access Policy setting should be set to No action. As with the New User Policy, it cannot be set to Allow access without 2FA or Deny access.
  8. Configure the Settings and enter a name.
  9. Select Save.
  10. From the Details section, copy the Integration key, Secret key, and API hostname into their corresponding fields in the Specops Authentication Client.
    NOTE
    the Attribute name field can be left blank to use the default Active Directory attribute (sAMAccountName), unless you need to use a different AD attribute.
  11. Select Test connection. If the connection was successful, a message saying Connection test successful will apear.
    Alt text for this image
  12. Select Save.

To add Duo Security to your policy

  1. Select uResetSecure Service DeskKey RecoveryAuthentication for O365 in the left sidebar navigation, then select Configure in the Policies section.
  2. Drag Duo Security from the Unselected Identity Services section to the Selected Identity Services section, and configure Weight, Required and Protected settings.
  3. Select Save.

Configuring Duo Security with Auth API

NOTE
Customers who started using Duo Security prior to the 8.15 release of Specops Authentication have the option to revert back to using Web SDK for configuring Duo Security.

Pre-requisites: The Owner, Administrator, or Application Manager Administrative Roles are required in Duo Security.

  1. Log in to the Specops Authentication Web: https://login.specopssoft.com/authentication/admin
  2. Select Identity Services in the left sidebar navigation, then select Duo Security.
  3. Select Enable, then in the pop-up select Enable again. This will make the service available for use in Specops services.
  4. Log into the Duo Security Admin Panel.

    Alt text for this image

    Duo Security administration page

  5. Select Applications in the left sidebar navigation, then select Protect an Application.
  6. The next page shows a list of the different types of services that can be integrated with Duo Security. In the list, find Auth API and select Protect this application.
  7. Set a policy for the application by using an existing one or creating a new one.
    NOTE
    the New User Policy setting should be set to Require enrollment. Allow access without 2FA will allow users to bypass Duo Security without authenticating. Deny access will block users from authenticating with Duo Security.
    NOTE
    the Group Access Policy setting should be set to No action. As with the New User Policy, it cannot be set to Allow access without 2FA or Deny access.
  8. Configure the Settings and enter a name.
  9. Select Save.
  10. From the Details section, copy the Integration key, Secret key, and API hostname into their corresponding fields in the Specops Authentication Client.
    NOTE
    the Attribute name field can be left blank to use the default Active Directory attribute (sAMAccountName), unless you need to use a different AD attribute.
  11. Select your desired setting for Auto-enroll users in Specops Authentication. Setting it to yes will automatically enroll all users.
    NOTE
    In order to use Duo Security with Quick Verification, this setting must be set to Yes
  12. Select Test connection. If the connection was successful, a message saying Connection test successful will apear.
    Alt text for this image
  13. Select Save.

To add Duo Security to your policy

  1. Select uResetSecure Service DeskKey RecoveryAuthentication for O365 in the left sidebar navigation, then select Configure in the Policies section.
  2. Drag Duo Security from the Unselected Identity Services section to the Selected Identity Services section, and configure Weight, Required and Protected settings.
  3. Select Save.

Using Duo Security with Quick Verification

Quick Verification can only be used with Auth API. Note that when the Auto-enroll users in Specops Authentication setting is set to No, you can not use Quick Verification (or Advanced Verification) for users who have not enrolled with Duo Security.

NOTE
customers using Web SDK to configure Duo Security are not able to use Duo Security for Quick Verification. It will only be availabe as an Advanced Verification.