This document provides information on how to integrate the Segura® Platform with the Duo Security authentication provider. You can use Duo multi-factor authentication to log in and start sessions on the Segura® Platform.
Requirements
- Have an account with an administrator profile in Duo Security.
- Have the Duo Mobile application installed on the device.
- DNS configured on the Segura® Platform.
Attention
- Direct communication between the Segura® Platform and Duo Security is required. Proxies are not supported.
- The application must have DNS configured and a valid certificate to establish connectivity with the Duo endpoint. In the Orbit configuration, the Application URL field must also be configured with the instance DNS.
Step 1: Create an application in Duo Security
- Log in to the Duo Admin Panel.
- In the left-side menu, select Applications.
- Click Application Catalog.
- In the search bar, type Web SDK.
- Click + Add.
- In the Application name field, enter the desired application name.
- Copy the
Client ID,Client Secret, andAPI hostname. You will need this information to complete the configuration. - Click Save.
Step 2: Enable the use of an external MFA solution
- On the Segura® Platform, hover over the Products menu and select Settings.
- In the side menu, select Security policies and network > Authentication security.
- In the Multi-factor authentication section, check Enable external Multi-Factor Authentication application.
- Click Save.
Attention
When enabling this feature, some security mechanisms will be disabled. This changes the SameSite property from Strict to Lax. Make sure you have a firewall configured to deny access from unauthorized websites to your Segura® Platform server.
Step 3: Register Duo Security as an MFA provider on the Segura® Platform
- On the Segura® Platform, hover over the Products menu and select Settings.
- In the side menu, select MFA > Providers.
- In the Providers report, click Add.
- On the Select the provider screen, select Duo Security.
- On the Provider registration screen, complete the fields:
- Name *: identifier name for the Duo Security provider.
- Enabled: choose whether the provider will be created as active or inactive.
- Endpoint *: enter the
API hostnamevalue generated in Duo Security. - Client ID *: enter the
Client IDvalue generated in Duo Security. - Client secret: enter the
Client Secretvalue generated in Duo Security.
- Click Save.
Step 4: Configure Duo as the user MFA
- On the Segura® Platform, open the user menu in the upper-right corner and select Configure MFA.
- Select the Duo Security provider configured in step 3 and click Continue.
- Log in to your Duo application.
- Select the Duo Mobile authentication method.
- Select your country from the dropdown menu.
- Enter your mobile phone number.
- Click Continue.
- Click Yes, it's correct to confirm your phone number.
- Click Next.
- Open the Duo Mobile application on your phone.
- Add the account by scanning the QR code displayed on the screen.
- When you receive confirmation that Duo Mobile was added, click Continue.
- To finish, click Log in with Duo.
Now, when accessing the Segura® Platform, you will receive a push notification in your Duo Mobile application to complete authentication.