Once the integration keys for the Duo Server have been configured, an administrator must provide authentication rules to define which users will use Duo as their second factor.
Administrator Configurations
Administrators may configure Duo as a second factor authentication by adding a secondary authentication rule in the admin UI ► Configuration ► Authentication tab. Just select Duo Security as the secondary auth type, as shown below.
Rule Type
Use the dropdown menu to select the user type that appears in the Rule column. Selecting Group will allow the selection of an existing user group in the rule column. Selecting Dynamic allows the administrator to build a filter that will match users based on specific conditions.
Rule
User rules matches users to the secondary authentication rule. When a user group is selected the specific authentication rule will only apply to that specific user group.
Secondary Auth Type
Authentication factor to apply to the secondary authentication rule. Factors include SMS, Duo Security, Mobile, and TOTP.
Enabled
Authentication Rule is not applied if not checked.
Optional
Users are forced to enroll in the second factor if this option is not checked. When selected, users may activate their second factor anytime they wish by navigating to the Self-Service ► My Profile ► Manage Security sub tab.
Priority
If a user qualifies for more than one secondary authentication rule based on the user selection rules configured, then the authentication rule with the highest priority will be applied.
Description
A short description of the authentication rule
Additional Properties
Mobile and Duo Security options have additional configurations shown when clicking on this button. Please see Duo Addition Properties, or Setup Bypass Code section for details.
Once the user has identified themselves in the first step, they will be presented the Duo IFrame and prompted to activate their device.