Duo Security

Duo Security is a cloud-hosted SAML Identity Provider (IdP) that adds two-factor authentication, complete with inline self-service enrollment and Duo Prompt, to popular cloud services like Salesforce and Amazon Web Services using SAML 2.0 federation.

Information Stored

The following table describes the available integration tasks and stored data.

Available Integration Tasks

| Integration Task | Information Stored |
| --- | --- |
| Application Roster | User ID, Email, Real Name, Active Date |
| Application Access | User ID, Last Login |
| Application Discovery | SSO Application ID, SSO Name |
| SSO Application Roster | User ID, Email, Real Name, Active Date, SSO Application ID, SSO Name |
| SSO Application Access | User ID, Occurred, Event Type, SSO Application ID, SSO Name |

Note: Please note the following:

The information stored is subject to change as enhancements are made to the product.
For Single Sign-On (SSO) information, the SSO Name is the name of the application managed by the SSO provider. The SSO Display Name is the display name of the application managed by the SSO provider. Depending on the application, these two names may appear the same or different. Therefore, both SSO Name and SSO Display Name are stored in SaaS Management.

Minimum Permissions Required

Administrator with the Owner role. For details, refer to the First Steps section of the Duo Admin API documentation.

Authentication Method

Basic

Credentials Required

Integration Key
Secret Key
API Hostname

Integrating Duo Security with SaaS Management

To integrate Duo Security with SaaS Management, perform the following tasks.

Adding the Admin API Application in the Duo Admin Panel
Integrating Duo Security with SaaS Management

Adding the Admin API Application in the Duo Admin Panel

Administrators with the Owner role perform the following steps to add the Admin API application in the Duo Admin Panel.

Note: This API is automatically available to paying Duo Beyond, Duo Access, and Duo MFA plan customers. New customers with an Access or Beyond trial account may contact Duo Support to request Admin API access.

To add the Admin API application in the Duo Admin panel:

1. Sign in to the Duo Admin Panel and navigate to Applications.
2. Click Protect an Application and locate the entry for Admin API in the applications list.
3. Click Protect on the far-right of the screen to configure the application and obtain your Integration Key, Secret Key, and API Hostname. You will need this information to complete the integration with SaaS Management.
4. Enable the following Admin API permissions:
   - Grant applications: permit this Admin API application to add, modify, and delete applications.
   - Grant read log: permit this Admin API application to read logs.
   - Grant read resource: permit this Admin API application to read resources such as users, phones, and hardware tokens.

Integrating Duo Security with SaaS Management

To integrate Duo Security with SaaS Management:

1. Add the Duo Security application in SaaS Management. Refer to Adding an Application.
2. Enter the following Duo Security information in SaaS Management:
   - Integration Key
   - Secret Key
   - API Hostname of the Admin API endpoints
3. Click Authorize.

Tip: 24 hours after the Application Discovery integration task has been enabled, you can add the discovered SSO-enabled applications to your list of Managed SaaS Applications. For details, refer to Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.

API Endpoints

Application Roster and Application Access

https://api-XXXXXXXX.duosecurity.com/admin/v1/users

Application Discovery

https://api-XXXXXXXX.duosecurity.com/admin/v1/integrations

SSO Application Roster

https://api-XXXXXXXX.duosecurity.com/admin/v1/users
https://api-XXXXXXXX.duosecurity.com/admin/v2/logs/authentication

SSO Application Access

https://api-XXXXXXXX.duosecurity.com/admin/v2/logs/authentication