Duo authentication

This topic describes how to configure Duo in your tenant so you can select it as an authentication mechanism when you create an authentication profile.

Duo is an access security platform offering two-factor authentication. CyberArk Identity supports Duo as an authentication factor so you can continue to use Duo if you already implemented it for other applications, or you can use it in addition to other supported authentication mechanisms.

Requirements to configure Duo

You need the following information to configure Duo with CyberArk Identity. This information is available the Duo Admin Panel. Refer to Duo's documentation for more information.

  • Integration Key

  • Secret Key

  • API hostname

Configure Duo in the CyberArk Identity the Admin Portal

The following procedure describes how to configure Duo and select it as an authentication mechanism.

  1. Go to Settings > Authentication > Duo Configuration, then select Enable Duo.

  2. Enter the Integration Key, Secret Key, and API hostname in the appropriate fields.

    This information is available in your Duo Admin Panel.

  3. Select the AD attribute that you want to use to find the user in Duo.

    Your choices are User Principal or SAM Account. Refer to Microsoft documentation for details.

  4. Click Save.

    Duo is now available in the challenge menus when you create an authentication profile.

    If users haven't already set up Duo on their devices and they select it as an authentication challenge, they see a button to start the setup process. If they already have Duo configured, they have the following options:

    • Send Me a Push

    • Call Me

    • Enter a Passcode

    By default, users have five minutes to complete the Duo setup process and complete the authentication flow.