Duo Security Authentication

Using this method of two-factor authentication requires that you have an active account for Duo Security.
Secret Server supports using Duo Security as a second factor of authentication. See below for setup instructions.
For more information on Duo and Secret Server, see the Delinea Secret Server and Duo page.

Task 1: Create a Duo Application Representing Your Secret Server (Admin)

  1. Sign up for a new Duo account, or log in to an existing one at Duo Security.

  2. Under Applications, create a new application of the Delinea Secret Server type. Name the application as you wish.

  3. Record the API hostname, integration key, and secret key from the new Duo application you just created.

Task 2: Configure Secret Server to Use Duo (Admin)

Because Duo is a service, the Secret Server instance must have outbound access (TCP port 443) to the API host. If a firewall rule blocks access to Duo's servers, two-factor authentication will not work.
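A pre-flight check for the outbound-access requirement above, as an added example that is not part of the original documentation or of Delinea's or Duo's tooling. The hostname is a placeholder for the API hostname recorded in Task 1, the `Test-DuoApiReachability` name and the 60-second skew threshold are assumptions, and `/auth/v2/ping` is Duo's unauthenticated Auth API ping endpoint.

```powershell
# Pre-flight check, run on the Secret Server host before enabling Duo.
param(
    # Placeholder: replace with the API hostname recorded in Task 1.
    [string]$ApiHost = 'api-XXXXXXXX.duosecurity.com',
    [int]$MaxSkewSeconds = 60   # assumed tolerance, not a documented Duo limit
)

function Test-DuoApiReachability {   # hypothetical helper name
    param([string]$HostName)
    $r = [ordered]@{ Host = $HostName; Tcp443 = $false; TlsValid = $false
                     Issuer = $null; PingOk = $false; SkewSeconds = $null }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # 1. Outbound TCP 443: a blocking firewall rule fails or times out here.
        if (-not $client.ConnectAsync($HostName, 443).Wait(5000)) { return [pscustomobject]$r }
        $r.Tcp443 = $true
        # 2. TLS 1.2 handshake with default chain and hostname validation.
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $r.TlsValid = $true
        # An issuer naming an internal CA means a proxy is inspecting this traffic.
        $r.Issuer = $ssl.RemoteCertificate.Issuer
    } catch {
        return [pscustomobject]$r
    } finally {
        $client.Dispose()
    }

    # 3. Unauthenticated ping: confirms the host answers as a Duo API endpoint
    #    and returns Duo's server time for a clock-skew comparison.
    try {
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        $ping = Invoke-RestMethod -Uri "https://$HostName/auth/v2/ping" -TimeoutSec 10
        $r.PingOk = ($ping.stat -eq 'OK')
        $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
        $r.SkewSeconds = [math]::Abs($now - [long]$ping.response.time)
    } catch { }   # leave PingOk = $false; the summary below reports it
    [pscustomobject]$r
}

$check = Test-DuoApiReachability -HostName $ApiHost
$check | Format-List
if (-not ($check.Tcp443 -and $check.TlsValid -and $check.PingOk)) {
    Write-Warning "Duo API host not usable from this server; check firewall and proxy rules."
} elseif ($check.SkewSeconds -gt $MaxSkewSeconds) {
    Write-Warning "Clock differs from Duo by $($check.SkewSeconds)s; check time synchronization."
}
```

Run it under the account and network path the Secret Server web application uses, since proxy and firewall rules can differ per host or per user.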

  1. Open Secret Server.

  2. From the Admin menu, select Configuration.

  3. Click the Login tab, and then click Edit.

  4. Select the Enable Duo Integration check box.

  5. Enter the API Hostname, Integration Key, and Secret Key values.

  6. Click the Save button.

  7. Go to Admin > Users to create a test user. The Users page appears.

  8. Click the Create New button. The Edit User page appears.

  9. Click the Two Factor dropdown list and select Duo.

  10. Type or select the other parameters for the new user. See Users.

  11. Log on as the test user. If multiple two-factor devices are available, you are prompted to select one. If you are not enrolled, you are given a link to perform self-enrollment. You are contacted via the Duo app, SMS, or a phone call for the second factor.

  12. Add or configure actual users one at a time or by using bulk operations.

Task 3: Setting up Duo (User)

  1. Log on to Secret Server.

  2. After successful authentication, a new screen appears with the option to select a method to authenticate with.

  3. Select one of the options (Duo Push, Send SMS, or Phone, depending on your setup with Duo) and complete the selected authentication process to log in.