Integrate Duo with an application

On this page:


Overview

Most developers who want to protect their applications using Duo will take advantage of the Duo integration provided by IU Login (formerly CAS). However, for some use cases (for example, Linux workstation protection, Microsoft RDP, etc.) direct integration is not possible, and developers may need to perform a direct integration. For more, see the list of Duo integrations.

The following integration types can be approved automatically:

Other integration types can be approved but may require additional time for review. For more about additional integration types and how to implement them, see Supported Applications | Duo Security.

Request Duo integration

Note:
Only IU faculty, staff, and affiliates can request a Duo integration.

To request Duo integration with your applications, email Support Center Tier 2 with the following information:

  • Integration type
  • Integration name (will be displayed to Duo Push users)
  • Group or departmental email address

Support staff will review your integration, create it, and send you the integration information via Slashtmp. Once you have the integration information, an integration key (ikey) and a secret key (skey), you can complete installation using the instructions provided for your Duo integration. You only need to create one type of integration per service you wish to protect. For example, a group of servers administered by a single team and all using the same integration type can be protected by a single Duo integration.

You should protect your secret key like a password. Never share your secret key with unauthorized individuals or send it in email. To share your secret key with authorized individuals, use the secure version of Slashtmp. If you suspect that your secret key has been compromised, immediately email Support Center Tier 2 to have it reissued.

Integration keys are not sensitive and can be communicated by email.

Do not share API keys across services boundaries. API keys can be reviewed periodically and inactive keys removed. UITS will attempt to contact application owners before their keys are removed.

For assistance configuring your Duo integration, email Support Center Tier 2.

Note:
Servers with private IP addresses in Intelligent Infrastructure are still able to connect to the Duo authentication servers. A universal rule has been added that automatically grants proxy access for Duo authentication. For more about the private IP proxy, including the proxy service IP addresses, see About the Data Center proxy service.

This is document bfyo in the Knowledge Base.
Last modified on 2019-06-12 10:07:40.

Contact us

For help or to comment, email the UITS Support Center.