Once the integration keys for the Duo Server have been configured, an administrator must provide authentication rules to define which users will use Duo as their second factor.
Administrators may configure Duo as a second factor authentication by adding a secondary authentication rule in the admin UI ► Configuration ► Authentication tab. Just select Duo Security as the secondary auth type, as shown below.
Use the dropdown menu to select the user type that appears in the Rule column. Selecting Group will allow the selection of an existing user group in the rule column. Selecting Dynamic allows the administrator to build a filter that will match users based on specific conditions.
User rules matches users to the secondary authentication rule. When a user group is selected the specific authentication rule will only apply to that specific user group.
Secondary Auth Type
Authentication factor to apply to the secondary authentication rule. Factors include SMS, Duo Security, Mobile, and TOTP.
Authentication Rule is not applied if not checked.
Users are forced to enroll in the second factor if this option is not checked. When selected, users may activate their second factor anytime they wish by navigating to the Self-Service ► My Profile ► Manage Security sub tab.
If a user qualifies for more than one secondary authentication rule based on the user selection rules configured, then the authentication rule with the highest priority will be applied.
A short description of the authentication rule
Once the user has identified themselves in the first step, they will be presented the Duo IFrame and prompted to activate their device.