You can add Duo multi-factor authentication
(MFA) to any EAA IdP you have configured. Duo MFA is configured similar to, and works
alongside, other EAA MFA options.
How to
-
Log in to the Enterprise
Application Access (EAA) Management Portal.
-
From the top menu bar click .
The Identity Providers page appears.
-
Locate the identity provider (IdP) you wish to configure or Add a new identity provider.
-
Click the Settings (gear)
icon.
The IdP General Settings
page opens.
-
Click the Multifactor tab.
-
Optionally, to enable a global MFA policy, select the IdP MFA
Policy check box. See Enable a global multifactor authentication policy for Login Portal users.
-
Select the MFA factors to apply.
-
Select the Duo checkbox.
The Duo configuration parameters appear.
-
Enter the Integration key, Secret
key, and API hostname from Duo. See Retrieve information from Duo Security.
-
Select a Duo UserID attribute. Choose one of the
following,
- Email
- sAMAaccountName
- User Principal Name (UPN)
- Domain/sAMAaccountName
-
To save the changes click
Save &
Exit or Save and go to Advanced
Settings.
Next steps
For the changes to go into effect,
Deploy the identity provider