Cisco Duo MFA Integration
For Kron PAM integration with Cisco Duo, users should log in to Cisco Duo with the email addresses defined in Kron PAM. The username in Duo must match the one defined in Kron PAM. After logging in to the Duo portal, the token can be verified through several verification methods.
Duo Verification Methods

- To use the Duo verification method, users must download the Duo Mobile app.
- Duo Mobile should be activated from the user portal settings area.
- Users must be added to the Duo portal.
- The Duo Mobile app should be activated on the users' devices.
Duo MFA Activation

Kron PAM integrates with Cisco Duo via API once the following parameters are defined in Kron PAM:
- API key (the API key is created by Duo for each customer environment)
- URL (the URL is unique for each customer environment)
- Integration key (the integration key is created by Duo for each customer environment)
To adjust the Duo Integration Settings:
- Navigate to Administration > System Configuration Manager.
- Set the following parameters:
  - mfa.provider=duo (default: internal)
  - mfa.external.provider.duo.api.hostname=XXX
  - mfa.external.provider.duo.integration.key=XXX
  - mfa.external.provider.duo.secret.key=XXX (encrypted)
  - mfa.external.provider.duo.factor = {passcode, sms, push}
  - mfa.external.provider.duo.push.type = "the message which will be shown in the push notification on mobile device" (default: Kron PAM MFA Request)
- With Duo enabled, the token can be sent in different ways:
Factor | Description |
---|---|
Passcode | The token shown in the mobile app is used. |
SMS | The token is sent by SMS. |
Push | Verification is confirmed from the mobile application. |
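
A pre-flight check for the parameters above, as an added example that is not Kron PAM or Duo code: it validates the values and builds the signed headers for a credential test against Duo's Auth API `GET /auth/v2/check` endpoint. It assumes the settings are written out as key=value text, that the secret key is still in plaintext (before Kron PAM encrypts it), and that requests are signed with HMAC-SHA1 as Duo's Auth API documents; the function names and sample values are constructed for illustration.

```python
import base64, hashlib, hmac, urllib.parse
from email.utils import formatdate
FACTORS = {"passcode", "sms", "push"}          # factor values listed on this page
PREFIX = "mfa.external.provider.duo."

def load_duo_settings(text):
    """Parse key=value lines and check the Duo parameters named on this page."""
    kv = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            k, v = line.split("=", 1)
            kv[k.strip()] = v.strip()
    errors = []
    if kv.get("mfa.provider") != "duo":
        errors.append("mfa.provider must be 'duo' (default is 'internal')")
    host = kv.get(PREFIX + "api.hostname", "")
    if not host or "/" in host or ":" in host:
        errors.append("api.hostname must be a bare hostname, no scheme or path")
    for name in ("integration.key", "secret.key"):
        if kv.get(PREFIX + name, "XXX") in ("", "XXX"):
            errors.append(name + " is missing or still a placeholder")
    if kv.get(PREFIX + "factor") not in FACTORS:
        errors.append("factor must be one of " + ", ".join(sorted(FACTORS)))
    return kv, errors

def canonical_request(date, method, host, path, params):
    """Canonical string signed for a Duo Auth API request."""
    args = "&".join(
        urllib.parse.quote(k, "~") + "=" + urllib.parse.quote(params[k], "~")
        for k in sorted(params))
    return "\n".join([date, method.upper(), host.lower(), path, args])

def signed_headers(kv, method, path, params, date=None):
    """Date and Authorization headers: HTTP Basic with ikey:hex(HMAC-SHA1)."""
    date = date or formatdate()
    canon = canonical_request(date, method, kv[PREFIX + "api.hostname"], path, params)
    sig = hmac.new(kv[PREFIX + "secret.key"].encode(), canon.encode(), hashlib.sha1)
    auth = kv[PREFIX + "integration.key"] + ":" + sig.hexdigest()
    return {"Date": date, "Authorization": "Basic " + base64.b64encode(auth.encode()).decode()}

# Constructed sample values, not real credentials.
SAMPLE = """mfa.provider=duo
mfa.external.provider.duo.api.hostname=api-00000000.duosecurity.com
mfa.external.provider.duo.integration.key=DIEXAMPLEINTEGRATION
mfa.external.provider.duo.secret.key=constructed-secret-not-a-real-key
mfa.external.provider.duo.factor=push"""
if __name__ == "__main__":
    kv, errors = load_duo_settings(SAMPLE)
    print(errors or signed_headers(kv, "GET", "/auth/v2/check", {}))
```

Sending the resulting headers with a GET to `https://<api.hostname>/auth/v2/check` tells you whether the hostname, integration key and secret key are accepted together before users depend on them for login.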