Duo Push Approvals

Users can now approve secret access requests and workflows using Duo push notifications. The push notification includes information, displayed on the user's screen, that helps the approver make the access decision.

Prerequisites

To use Duo push notifications:

  • Duo must set up for Secret Server. See Duo Security Authentication.
  • Duo user must be set up for Duo two-factor authentication. See Duo Security Authentication.
  • The permission "Approve via DUO" must be granted to a role that is assigned to a group that includes all who will be approving requests via Duo. This allows enough flexibility so that those not wanting Duo push approvals can be configured to not receive them.

Assigning the Duo Approval Permission

To associate the permission with users:

  1. Go to Access > Roles.

  2. Click the Create Role button to create a new role. Name it "Duo Push Approver" or another name of your choosing.

  3. Assign the Approve Via DUO Push permission to the new role.

  4. Click the Save button.

  5. If you choose to create a separate group for approvers, do this by navigating to Access > Groups.

  6. Click the Create Group button to create a new group.

  7. Add the desired users (chosen approvers) to that group.

    You can also assign users to the group later. This method is a shortcut when creating a group.

  8. Click the Save button.

  9. Go to the page for the newly created group.

  10. Click the Roles tab.

  11. Click the Edit Roles button.

  12. click the Scope dropdown list to select Unassigned.

  13. Click to select the DUO Push Approver role.

  14. Click the Save button. Setup is now complete.

In addition to having the role you created, the user must be properly set up to receive Duo push notifications. See Duo Security Authentication.
Any notifications will all be sent out at the same time, and the first response (approve or deny) will be the determinant response. A non-response will not result in either an approve or deny response.