Integrating DUO with Workspace ONE Access

January 13, 2021
This blog post was originally published at Steve The Identity Guy’s blog.

DUO thumbnail

Workspace ONE Access now offers native integration with DUO. This integration will not require the use of radius and/or the Workspace ONE Access connector.

This blog will outline the steps to set up and configure DUO and Workspace ONE Access.

Now Available on All Platforms

Create a Web SDK Application in DUO

  1. In your DUO admin console, go to Dashboard > Applications > Protect an Application.
    Protect an Application
  1. In the search box, enter Web SDK and click Protect.
    Protect an Application
  1. Make note of your Integration Key, Secret Key, and API Hostname.
    Note: In the latest version of the DUO Admin Console, the Integration Key is now called a Client ID and the Secret Key is now called a Client Secret.
  1. Scroll down to settings and update the name of this application.
  1. Click Save.

Enable the Workspace ONE Authentication Method

  1. Log into the Workspace ONE Administration Console.
  2. Go to Identity & Access Management > Authentication Methods.
    Authentication Methods for Built-In Identity Providers
  3. Click Edit for DUO Security.
    DUO Security
  4. Enable the Adapter.
  5. Paste your Integration Key.
  6. Paste your Secret Key.
  7. Paste your API Host Name.
  8. Select the correct username format. The only options currently available are username and email address.
  9. Select Save.
  10. Your DUO Adapter should be enabled and ready to use.

Update your Built-In IDP in Workspace ONE Access

  1. In the Workspace ONE Administration Console, go to Identity & Access Management > Identity Providers.
  2. Click on your built-in Identity Provider that is already associated with your user directory.
  3. Scroll down to Authentication Methods and enable DUO Security.
    Authentication Methods
  4. Click Save.

Update your Policies

  1. In the Workspace ONE Administration Console, go to Identity & Access Management > Policies.
  2. Edit your Default or Application Policy (depending on your requirements).
  3. Add DUO Security as a second factor of authentication.
    Edit Policy Rule
  4. Click Save.
  5. Click Next and Save.

Testing the DUO Flow

  1. Log into your Workspace ONE Access Console via incognito.
  2. Enter your Username/Password as an end user.
    Sign in
  1. Click Start Setup.
    Start setup
  1. Select your device type and click Continue.
  1. Select the correct platform for your device and click Continue.
  1. Workspace ONE Access will prompt you to install Duo Mobile. Once you have DUO Mobile Installed, click I have DUO Mobile.
  1. In DUO Mobile, click the + sign and scan the barcode.
    Scan the bar code
  1. Once activated, you will see a green checkmark.
  1. Click Continue to Login.
    Continue to Login
  1. When prompted, select Send Me a Push.
    Send me a Push
  1. On your device, click Approve.
    Approve login request


Filter Tags

Workspace ONE Workspace ONE Access Blog Feature Walk-through Fundamental Intermediate