Duo Security two-factor authentication
Duo Security is a multifactor authentication (MFA) provider that confirms the identity of users and the health of their devices before the user connects to your applications. Duo supports push notifications, TOTP (time-based one-time password), SMS (text message), voice calls, and emails as second factor authentication (2FA) features as a service.
To learn more about EAA MFA, see Multi-factor authentication.
To learn more about Duo 2FA, visit their web help at https://duo.com/docs/akamai-eaa.
Enterprise Application Access (EAA) provides remote access and MFA for on premise applications and also integrates with Duo’s 2FA services. If you are currently using Duo as a 2FA solution for access to your applications, you simply need to provide some Duo-specific information in EAA to allow the products to communicate and verify identity and access privileges.
- Integration key or ikey: A unique identifier that allows you to retrieve users' API keys based on email and password.
- Secret key or skey: A unique identifier used for encryption of data.
- API hostname: Your API hostname used for all
API interactions with Duo. For example,
The ikey and skey uniquely identify a specific application to Duo. The API hostname is unique to your account, but shared by all of your applications. You'll need these keys and hostname when configuring your system to work with Duo.
- Duo UserID attribute: The Duo user ID attribute selected in
EAA determines how the usernames listed in Duo appear. Choose one of the
- User Principal Name (UPN)
- When using the EAA cloud directory or Open LDAP to authenticate users in the Login Portal, EAA supports only email as the Duo UserID attribute.
- When using the Active Directory (AD) to authenticate users in the Login Portal, EAA supports all Duo UserID attributes.
All communication between EAA’s Login Portal and Duo is secured with TLS. EAA validates the server certificate before sending any information or data to the Duo service.