Reference Guide
...
Multi-Factor Authentication
External MFA Providers

Cisco Duo MFA Integration

3min

For Single Connect integration with Cisco Duo, users should log in to Cisco Duo with the email addresses defined in Single Connect. The Username must match the information on Single Connect. After logging in to the Duo portal, the token verification can be done through different verification methods.

Duo Verification Methods
Duo Verification Methods

  • To use the Duo verification method, users must download the Duo Mobile mobile app. Duo Mobile should be activated from the user portal settings area. Users must be added to the Duo portal. The Duo Mobile app should be activated on the devices.
Duo MFA Activation
Duo MFA Activation


Single Connect integrates with Cisco Duo via API, as long as certain parameters are defined in Single Connect:

  • API key (the API key is created by Duo for each customer environment)
  • URL (the URL is unique for each customer environment)
  • Integration key (the integration key is created by Duo for each customer environment)

To adjust the Duo Integration Settings:

  1. Navigate to Administration > System Config Manager.
  2. Set the following parameters: mfa.provider=duo (default: internal) mfa.external.provider.duo.api.hostname=XXX mfa.external.provider.duo.integration.key=XXX mfa.external.provider.duo.secret.key=XXX (encrypted) mfa.external.provider.duo.factor = {passcode, sms, push} mfa.external.provider.duo.push.type = "the message which will be shown in the push notification on mobile device" default: Single Connect MFA Request
  • With Duo enabled, the token can be sent in different ways:

Passcode

Token in the mobile app is used.

SMS

Token is sent by SMS.

Push

Verification is confirmed from the mobile application.