Integrating Duo Security with Secret Server
Integrating Duo Security authentication as a two-factor authentication method with Secret Server can enhance the security of the secret management system. By adding an extra layer of authentication, organizations can ensure better protection of sensitive information and reduce the risk of unauthorized access.
Important Duo Security Certificate Authority Changes
This temporary section includes important information that may affect your access to Secret Server. Please read it carefully.
Cisco Duo is replacing its root certificate authority (CA) bundle. The impact on you depends on the application type configured in your Duo Admin Panel. Follow the steps below:
Determine your Application Type
In the Duo Admin Panel, go to Applications > Applications and check the Application Type column.
| Application Type | Action |
|---|---|
| Delinea Secret Server or Thycotic Secret Server | Minimal—Duo granted an automatic extension until March 31, 2026 |
| Auth API, Web SDK, or other custom application | Urgent—authentication failures may begin February 2, 2026 |
If You Have a Published Secret Server
Secret Server uses Windows certificate validation, not embedded certificate pinning. Secret Server Cloud integrations require no changes. Secret Server On-Premises integrations continue to function as long as the web server receives regular Windows Updates to maintain current root CA certificates.
If You Have a Custom Application
Administrators using custom applications, such as Auth API or Web SDK, must take one of the following actions to avoid authentication failures:
- Either contact Duo (support@duo.com) to request an extension.
- Or switch to the published Delinea Secret Server application in the Duo Admin Panel, and update the credentials in Secret Server at Admin > Configuration > Login > Duo.
Key Dates
| Date | Event |
|---|---|
| February 2, 2026 | Intermittent authentication failures begin for custom applications |
| March 31, 2026 | Duo rotates CA roots; servers with outdated root certificates fail to connect |
For details, see Duo's knowledge base article.
This integration provides the following benefits:
-
Two-Factor Authentication: Duo Security provides a robust two-factor authentication solution that adds an extra layer of security to the authentication process. By integrating Duo Security with Secret Server, users will be required to provide a second factor, such as a push notification, phone call, or passcode, in addition to their username and password when accessing the secret management system.
-
Multi-Factor Authentication Options: Duo Security offers a variety of multi-factor authentication options, allowing users to choose the method that best suits their preferences or organization's security requirements. These options can include push notifications to a mobile app, phone call verification, SMS pass-codes, or hardware tokens. Users can select their preferred method during the setup process.
-
Easy Configuration: The integration between Delinea Secret Server and Duo Security is designed to be straightforward and easy to configure. The documentation provided by Delinea outlines the steps required to set up the integration and enable Duo Security as a 2FA method within Delinea Secrets. The process typically involves configuring the Duo Security application and integrating it with Delinea Secrets using provided instructions.
-
Enhanced Security: By implementing Duo Security as a 2FA method, organizations can significantly enhance the security of their secret management system. Two-factor authentication adds an extra layer of protection against unauthorized access, even if an attacker manages to obtain or guess a user's password. This helps prevent potential data breaches and unauthorized disclosure of sensitive information.
-
User-Friendly Experience: Duo Security's multi-factor authentication methods are designed to be user-friendly and convenient, providing a seamless authentication experience for users accessing Delinea Secrets. Users can choose their preferred method and complete the authentication process quickly and easily, without compromising security.
To learn more about this integration, see Duo Security Authentication in Secret Server documentation.
