Configure Duo Security in EAA
In order to configure Duo Security in EAA, you first need to set up and admin account in Duo and retrieve some key information. See Retrieve information from Duo Security.
Before you begin
To learn more about Duo 2FA, visit their web help at https://duo.com/docs/duoweb
You can add Duo multi-factor authentication (MFA) to any EAA IdP you have configured. Duo MFA is configured similar to, and works alongside, other EAA MFA options.
- Log in to the Enterprise Application Access (EAA) Management Portal.
From the top menu bar click
. The Identity Providers page appears.
- Locate the identity provider (IdP) you wish to configure or Add a new identity provider.
Click the Settings (gear)
The IdP General Settings page opens.
- Click the Multifactor tab.
- Optionally, to enable a global MFA policy, select the IdP MFA Policy check box. See Enable a global multifactor authentication policy for Login Portal users.
- Select the MFA factors to apply.
Select the Duo checkbox.
The Duo configuration parameters appear.
- Enter the Integration key, Secret key, and API hostname from Duo. See Retrieve information from Duo Security.
Select a Duo UserID attribute. Choose one of the
- User Principal Name (UPN)
- To save the changes click Save & Exit or Save and go to Advanced Settings.
For the changes to go into effect, Deploy the identity provider