Login confirmation via Duo Mobile#

You can use the Duo Mobile app (a Cisco company) to confirm the login (the second factor of authentication).

To do this, you need to make adjustments on the Duo Security service side:

  • register an account on the Duo website;

  • log in to the administrator panel and go to the “Applications” section;

  • click on “Protect an Application”, among the applications find “Auth API”. Then click on “Protect this Application” to get your integration key, secret key and hostname.

Once these operations are complete, you need to make settings in Blitz Identity Provider Admin Console.

  • configure the authentication method “Duo push-authentication”. You must specify:

    • Duo account parameters (host name, integration and secret keys);

    • interaction properties:

      • user name pattern (set in the substitution string) - this name will be displayed in Duo Mobile as the account name;

      • enrollment code validity time (in seconds) - the time the enrollment code will be valid for QR code;

    • data to be displayed in the application - information displayed to the user in Duo Mobile in the form of “key: value”. Here you can pass a custom attribute value or some fixed value. You can also specify the string ${app} as a value - this will display the name of the application the user is logged into;

    • Links to application - Duo Mobile.

  • enable the “Duo push-authentications” method in the “Authentication” section.

../_images/duo_auth_en.png

You can bind the Duo Mobile app to your user account in the following ways:

  • by the user independently through the web application “Personal cabinet”;

  • by an administrator through the Admin console.

In the web application “Personal cabinet” the user should go to the section “Security / Login Confirmation” and perform the following steps:

  1. Select the login confirmation method - “Confirmation via mobile application Duo Mobile”.

  2. Install the Duo Mobile app on your smartphone and scan the QR code and press “Confirm”.

  3. After verification, this authentication method will be added to the user.

In the admin console, the administrator must:

  1. Find the user required.

  2. Go to the “Application Duo Mobile (QR Code)” box and click on the “Link Duo Mobile” button.

  3. Ask user to scan the QR-code with the Duo Mobile application.

The pictures show an example of the login page appearance when confirming entry using push-notification in the Duo Mobile application.

../_images/duo003_en.png ../_images/duo005.jpg