Integrating DUO with Workspace ONE Access

January 13, 2021
 
This blog post was originally published at Steve The Identity Guy’s blog.
 

DUO thumbnail

Workspace ONE Access now offers native integration with DUO. This integration will not require the use of radius and/or the Workspace ONE Access connector.

This blog will outline the steps to set up and configure DUO and Workspace ONE Access.

Now Available on All Platforms

Create a Web SDK Application in DUO

  1. In your DUO admin console, go to Dashboard > Applications > Protect an Application.
    Protect an Application
  1. In the search box, enter Web SDK and click Protect.
    Protect an Application
  1. Make note of your Integration Key, Secret Key, and API Hostname.
    Details
  1. Scroll down to settings and update the name of this application.
    Settings
  1. Click Save.

Enable the Workspace ONE Authentication Method

  1. Log into the Workspace ONE Administration Console.
  2. Go to Identity & Access Management > Authentication Methods.
    Authentication Methods for Built-In Identity Providers
  3. Click Edit for DUO Security.
    DUO Security
  4. Enable the Adapter.
  5. Paste your Integration Key.
  6. Paste your Secret Key.
  7. Paste your API Host Name.
  8. Select the correct username format. The only options currently available are username and email address.
  9. Select Save.
  10. Your DUO Adapter should be enabled and ready to use.

Update your Built-In IDP in Workspace ONE Access

  1. In the Workspace ONE Administration Console, go to Identity & Access Management > Identity Providers.
  2. Click on your built-in Identity Provider that is already associated with your user directory.
  3. Scroll down to Authentication Methods and enable DUO Security.
    Authentication Methods
  4. Click Save.

Update your Policies

  1. In the Workspace ONE Administration Console, go to Identity & Access Management > Policies.
  2. Edit your Default or Application Policy (depending on your requirements).
  3. Add DUO Security as a second factor of authentication.
    Edit Policy Rule
  4. Click Save.
  5. Click Next and Save.

Testing the DUO Flow

  1. Log into your Workspace ONE Access Console via incognito.
  2. Enter your Username/Password as an end user.
    Sign in
  1. Click Start Setup.
    Start setup
  1. Select your device type and click Continue.
    Continue
  1. Select the correct platform for your device and click Continue.
    Continue
  1. Workspace ONE Access will prompt you to install Duo Mobile. Once you have DUO Mobile Installed, click I have DUO Mobile.
    Install
  1. In DUO Mobile, click the + sign and scan the barcode.
    Scan the bar code
  1. Once activated, you will see a green checkmark.
    Verify
  1. Click Continue to Login.
    Continue to Login
  1. When prompted, select Send Me a Push.
    Send me a Push
  1. On your device, click Approve.
    Approve login request

 

Filter Tags

Workspace ONE Workspace ONE Access Blog Feature Walk-through Fundamental Intermediate

Steven 'The Identity Guy' D'Sa

Read More from the Author

Hi, I’m Steven. I have more than 20 years of IT experience, including 14 years focused specifically on Identity and Access Management. I’ve spent most of my career as an Oracle Identity and Access Management Consultant, including four years as an Identity Management Architect for BlackBerry. I currently work as part of the Principal Technologies team at VMware responsible for Workspace ONE Access and the technical integrations with our Identity & Access partners.