- Emergency Bypass Codes
- Enrolling a Duo Device
- Setup Duo as Second Factor Authentication
- Signing In as an End User with Duo Authentication
Fischer integrates with Duo’s SDK so there are specific parameters you need to obtain from your Duo instance.
How to Integrate Duo with Fischer
Integrating your Duo service with Fischer is straightforward. To navigate to the Duo Security Authentication configuration, click the "Configuration" tab.
Select Duo Security Authentication from the combo box.
Fischer offers a few native configuration options for IGA Administrators to consider while defining how Duo will operate within the Fischer IGA Suite.
Activation Code E-mail Notification
In this particular case, only the default system notification is defined. System notifications are notifications that come out of the box with the product and are ready for use. Organizations in many cases elect to build their own custom notifications. Building custom notifications will be covered in a separate course.
Activation Code SMS Notification
This setting should be used if the intent is to deliver the Duo activation code to the identity’s mobile device as an SMS message. Just like above, IGA Administrators can select the message they would like to use. The selected message will be what is sent to the user’s mobile device as an SMS message.
Activation Code Notification E-mail Attribute
This combo box offers IGA Administrators the option of selecting which attribute Fischer will use to resolve the identity’s email address that is stored within Fischer’s identity registry. Mapping attributes to Fischer’s Metaverse is covered in the Attributes course, where you will learn all about Fischer’s identity schema and how to use it within your solution. There are multiple attributes available in the combo box. Administrators need to understand that the email address stored in whichever attribute is selected will receive the Duo activation code notifications. This is an important step when registering devices for Duo users.
Activation Code Notification Method
Within the combo box are 3 distinct options:
- Email
- SMS
- Both SMS and Email
The selected method is HOW the activation code notification (defined in the previous steps) will be sent. Once the activation code is generated, the settings work together as follows: the Activation Code E-mail Notification is the message sent, and the Activation Code Notification E-mail Attribute determines WHERE it is sent (if delivery is set to E-mail); OR the Activation Code SMS Notification is the message sent (if SMS is set as the delivery method); OR both are sent (depending upon your Activation Code Notification Method choice). The Activation Code Notification Method selected determines HOW the activation code is delivered to the end user.
Duo Post Process Workflow
Any resource type workflow may be selected to run after a device is enrolled or removed from either the Manage Security or Identity Claim features. Full end user profile attributes will be available in the workflow payload, as well as the requester's id. The workflow will always be of change type modify and have a modify type of either add or delete, depending on the action taken by the end user.
Version
Duo Post Process Workflow is available from version 7.5.0.
Duo Security Authentication Parameters
The following parameters are retrieved from your Duo instance and configured within Fischer’s Duo settings so that Fischer's Duo integration can operate securely. Note that ALL Duo parameters listed below are required in order for Fischer's Duo integration to work properly. Fischer cannot get this information for you, as your Duo instance is protected by you and Fischer does not have administrative access to it.
- Admin API Integration Key
- Admin API Secret Key
- Duo Application Key
- Web SDK API Hostname
- Web SDK Integration Key
- Web SDK Secret Key
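A pre-flight check for the six values listed above, run before they are entered into Fischer's Duo settings; this is an added example, not Fischer's or Duo's code. The key lengths, the `DI` prefix, the hostname pattern and the rule that the application key must not reuse a Duo secret are assumptions based on how Duo usually issues and documents these values, and the sample configuration is constructed.

```python
import re

# The six parameters the page lists as required.
REQUIRED = ("Admin API Integration Key", "Admin API Secret Key",
            "Duo Application Key", "Web SDK API Hostname",
            "Web SDK Integration Key", "Web SDK Secret Key")
# Assumed formats (not taken from the page).
IKEY_RE = re.compile(r"^DI[A-Z0-9]{18}$")
HOST_RE = re.compile(r"^api-[0-9a-z]+\.duosecurity\.com$")

def check_duo_parameters(cfg):
    """Return problems by parameter name only; secret values are never echoed."""
    problems, vals = [], {}
    for name in REQUIRED:
        raw = cfg.get(name) or ""
        if not raw.strip():
            problems.append(f"{name}: missing")
        elif raw != raw.strip():
            problems.append(f"{name}: stray whitespace from copy and paste")
        vals[name] = raw.strip()
    admin_ikey, web_ikey = vals["Admin API Integration Key"], vals["Web SDK Integration Key"]
    for name in ("Admin API Integration Key", "Web SDK Integration Key"):
        if vals[name] and not IKEY_RE.match(vals[name]):
            problems.append(f"{name}: expected 20 characters starting with DI")
    if admin_ikey and admin_ikey == web_ikey:
        problems.append("Web SDK Integration Key: same value as the Admin API key")
    secrets = [vals["Admin API Secret Key"], vals["Web SDK Secret Key"]]
    for name in ("Admin API Secret Key", "Web SDK Secret Key"):
        if vals[name] and len(vals[name]) != 40:
            problems.append(f"{name}: expected 40 characters")
    akey = vals["Duo Application Key"]
    if akey and len(akey) < 40:
        problems.append("Duo Application Key: shorter than 40 characters")
    if akey and akey in secrets:
        problems.append("Duo Application Key: reuses a Duo secret key")
    host = vals["Web SDK API Hostname"]
    if host and not HOST_RE.match(host):
        problems.append("Web SDK API Hostname: expected a bare api-... host name")
    return problems

# Constructed sample with three deliberate mistakes (no real credentials).
SAMPLE = {
    "Admin API Integration Key": "DI" + "A" * 18,
    "Admin API Secret Key": "a" * 40,
    "Duo Application Key": "a" * 40,          # copied from a secret key
    "Web SDK API Hostname": "https://api-0a1b2c3d.duosecurity.com",  # scheme pasted
    "Web SDK Integration Key": "DI" + "B" * 18,
    "Web SDK Secret Key": "",                 # left empty
}
```

Calling `check_duo_parameters(SAMPLE)` reports the empty secret key, the reused application key and the hostname pasted with its scheme, naming each parameter without printing its value.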
Leveraging Duo for Multi-factor Authentication within Fischer
Duo Security can be utilized in multiple ways within Fischer's authentication framework. The table below outlines how you can leverage your Duo Security solution to introduce multi-factor authentication to your Identities:
| Feature | Description |
| --- | --- |
| Device Registration | During the initial Identity onboarding process, if your organization has integrated with Duo, Fischer will prompt the user to go through the Duo Device Registration process where applicable. |
| Unlink Device | Fischer provides mechanisms within the Administration user interface and self-service for unlinking devices. |
| MFA for Fischer Interfaces | Organizations can leverage their Duo Security solution to force multi-factor authentication for Fischer's Self-Service Interface. |
| MFA for Fischer IdP | Organizations deploying Fischer's IdP can also leverage their Duo service for multi-factor authentication within Fischer's IdP. |