Configure Duo Security in EAA

Before you begin

In order to configure Duo Security in EAA, you first need to set up and admin account in Duo and retrieve some key information. See Retrieve information from Duo Security.

To learn more about Duo 2FA, visit their web help at

You can add Duo multi-factor authentication (MFA) to any EAA IdP you have configured. Duo MFA is configured similar to, and works alongside, other EAA MFA options.

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar click Identity > Identity Providers.
    The Identity Providers page appears.
  3. Locate the identity provider (IdP) you wish to configure or Add a new identity provider.
  4. Click the Settings (gear) icon.
    The IdP General Settings page opens.
  5. Click the Multifactor tab.
  6. Optionally, to enable a global MFA policy, select the IdP MFA Policy check box. See Enable a global multifactor authentication policy for Login Portal users.
  7. Select the MFA factors to apply.
  8. Select the Duo checkbox.
    The Duo configuration parameters appear.
  9. Enter the Integration key, Secret key, and API hostname from Duo. See Retrieve information from Duo Security.
  10. Select a Duo UserID attribute. Choose one of the following,
    • Email
    • sAMAaccountName
    • User Principal Name (UPN)
    • Domain/sAMAaccountName
  11. To save the changes click Save & Exit or Save and go to Advanced Settings.

Next steps

For the changes to go into effect, Deploy the identity provider