DUO MFA
Sectona PAM system integrates with DUO for multi-factor and push-based authentication. This integration is supported using API integration with DUO.
This section covers integrating DUO MFA with Sectona PAM:
Before you begin
Make sure you have administrator access to the DUO security console.
Make sure the user has the DUO Mobile app installed on their Android or iOS device for enabling MFA.
Syncing users
User account information must be in sync between DUO and Sectona. Typically, if you are using Active Directory, you will need to sync it with DUO or add users manually using supported methods. To sync Active Directory, go to Users → Directory Sync and add your Active Directory.
Configuring DUO MFA with Sectona
To configure DUO MFA with a Sectona instance, follow these recommended steps:
Log in to PAM as an administrator.
Go to Platform Configuration and under the Authentication column you will find Multifactor Authentication → DUO.
Fill in the following details:
- Description: Provide a suitable description for identification.
- API Host Name: Enter your DUO API Hostname. To get the API Hostname, log in to the DUO security portal. Go to Application → Partner Auth API → API hostname. Click on the hostname to copy it.
- Timeout (Seconds): Provide the timeout period for communication attempts from the PAM server to the DUO server.
- Integration Key: Enter your DUO Integration Key. To get the Integration Key, log in to the DUO security portal. Go to Application → Partner Auth API → Integration key. Click on the key to copy it.
- Secret Key: Enter your DUO Secret Key. To get the Secret Key, log in to the DUO security portal. Go to Application → Partner Auth API → Secret key. Click in the text box to view the secret key and copy it.
- Network Proxy: An internal network proxy can be configured in the Sectona PAM application. For configuring a network proxy, refer to Setting up a network proxy. To configure DUO through a network proxy, enable the network proxy option by clicking on the checkbox and select the network proxy from the drop-down.
- Admin API Host Name: Enter your Admin API hostname. To get the Admin API Hostname, log in to the DUO security portal. Go to Application → Admin API → API Hostname. Click on the select button to copy it.
- Admin API Integration Key: Enter your Admin API Integration Key. To get the Admin API Integration Key, log in to the DUO security portal. Go to Application → Admin API → Integration key. Click on the select button to copy it.
- Admin API Secret Key: Enter your Admin API Secret Key. To get the Admin API Secret Key, log in to the DUO security portal. Go to Application → Admin API → Secret key. Click in the text box to view the secret key and copy it.
Click on Active to activate the configuration.
Click on Save. DUO MFA and push-based authentication will be enabled.
To enable DUO MFA for users, the administrator will need to assign a User Logon Policy with MFA Type as DUO.
To enable DUO push authentication for users, the administrator will need to assign a User Logon Policy with MFA Type as DUO Push Authentication.
For more information, refer to Setting up user logon policy.
If you want to use Duo MFA from Sectona PAM's end, use the method described above. This method supports Push and token-based OTP. If you would like to use complete authentication services from Duo, see Duo SAML.