This blog post was originally published at Steve The Identity Guy’s blog. |
Workspace ONE Access now offers native integration with DUO. This integration will not require the use of radius and/or the Workspace ONE Access connector.
This blog will outline the steps to set up and configure DUO and Workspace ONE Access.
Now Available on All Platforms
Create a Web SDK Application in DUO
- In your DUO admin console, go to Dashboard > Applications > Protect an Application.
- In the search box, enter Web SDK and click Protect.
- Make note of your Integration Key, Secret Key, and API Hostname.
Note: In the latest version of the DUO Admin Console, the Integration Key is now called a Client ID and the Secret Key is now called a Client Secret.
- Scroll down to settings and update the name of this application.
- Click Save.
Enable the Workspace ONE Authentication Method
- Log into the Workspace ONE Administration Console.
- Go to Identity & Access Management > Authentication Methods.
- Click Edit for DUO Security.
- Enable the Adapter.
- Paste your Integration Key.
- Paste your Secret Key.
- Paste your API Host Name.
- Select the correct username format. The only options currently available are username and email address.
- Select Save.
- Your DUO Adapter should be enabled and ready to use.
Update your Built-In IDP in Workspace ONE Access
- In the Workspace ONE Administration Console, go to Identity & Access Management > Identity Providers.
- Click on your built-in Identity Provider that is already associated with your user directory.
- Scroll down to Authentication Methods and enable DUO Security.
- Click Save.
Update your Policies
- In the Workspace ONE Administration Console, go to Identity & Access Management > Policies.
- Edit your Default or Application Policy (depending on your requirements).
- Add DUO Security as a second factor of authentication.
- Click Save.
- Click Next and Save.
Testing the DUO Flow
- Log into your Workspace ONE Access Console via incognito.
- Enter your Username/Password as an end user.
- Click Start Setup.
- Select your device type and click Continue.
- Select the correct platform for your device and click Continue.
- Workspace ONE Access will prompt you to install Duo Mobile. Once you have DUO Mobile Installed, click I have DUO Mobile.
- In DUO Mobile, click the + sign and scan the barcode.
- Once activated, you will see a green checkmark.
- Click Continue to Login.
- When prompted, select Send Me a Push.
- On your device, click Approve.