Duo Push Approvals
Users can now approve secret access requests and workflows using Duo push notifications. The push notification includes information, displayed on the user's screen, that helps the approver make the access decision.
Prerequisites
To use Duo push notifications:
- Duo must set up for Secret Server. See Duo Security Authentication.
- Duo user must be set up for Duo two-factor authentication. See Duo Security Authentication.
- The permission "Approve via DUO" must be granted to a role that is assigned to a group that includes all who will be approving requests via Duo. This allows enough flexibility so that those not wanting Duo push approvals can be configured to not receive them.
Assigning the Duo Approval Permission
To associate the permission with users:
-
Go to Admin > Roles.
-
Click the Create New button to create a new role. Name it "Duo Push Approver" or another name of your choosing.
-
Assign the Approve Via DUO Push permission to the new role.
-
Click the Save button.
-
If you choose to create a separate group for approvers, do this by navigating to Admin > Groups.
-
Click the Create New button to create a new group.
-
Add the desired users (chosen approvers) to that group.
You can also assign users to the group later. This method is a shortcut when creating a group. -
Click the Save button.
-
Go to Admin > Roles.
-
Click the Assign Roles button. The View Role Assignment page appears.
-
Click the Role dropdown list to select the role you created. Note that there are no groups or users.
-
Click the Edit button. The Role Assignment page appears.
-
Assign the Approve via DUO Push role to the Assigned list box.
-
Click the Save Changes button. Setup is now complete.