DUO Two-Factor Authentication

If your organization is using multi-factor authentication, you can configure EmpowerID to enable users to use Duo as a second factor by registering your corporate Duo account in EmpowerID and adding Duo Two-Factor Authentication to any Password Manager policy or SSO application as a multi-factor authentication type.

Prerequisites

In order to use Duo, your organization must have a Duo account. If you do not have a Duo account, you can sign up for one by visiting https://signup.duo.com/.


Integrate DUO Two-Factor Authentication

  1. On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings and click EmpowerID System Settings.

  2. Search for DUO. Settings for DUOAPIHostName, DUOIntegrationKey and DUOSecretKey appear in the grid.

     

  3. Click the Edit button for the DUOAPIHostName setting.


    In the dialog that appears, enter your DUO API hostname in the Value field and click Save.

     

  4. Back in the grid, click the Edit button for the DUOIntegrationKey setting.

  5. Enter your DUO integration key in the Value field and click Save.

  6. Next, click the Edit button for the DUOSecretKey setting.

  7. Enter your DUO secret key in the Value field and click Save.

    Each DUO setting is now populated with the corresponding values for your DUO account.

Now that you have registered your DUO account in EmpowerID, the next step to using it for MFA in EmpowerID is to add it as an MFA type to one or more Password Manager policies and SSO applications.

Assign MFA Types to Password Manager Policies

Assign MFA Types to Applications.