Duo Authentication 1.0.0

Duo Authentication lets you add Duo as another Multi Factor Authentication (MFA) option. Duo is a paid service with a limited free tier (up to 10 users) which allows centralized management of all authorized users.

Setup Instructions

1. Install the Applicaiton from the Marketplace.
2. Sign up for an account at Duo: https://signup.duo.com/
3. On your Duo dashboard, create a new "Web SDK" application. See the screenshot above (with the 3 numbers) for an image of how to do this.
4. Make a note of the Client ID, Client Secret, and API Hostname. Additionally, ensure that "Let users remove devices, add new devices, and reactivate Duo Mobile" is checked. If it is not, you will need to enroll your users yourself and they will be unable to manage their Duo account (add/remove authorized devices) from within Invision Community. If enrolling manually, ensure that the username in Duo matches the "Duo identifier" setting in Invision Community. By default, this is the Member's email address, but it can be changed to their display name or internal member ID number instead. See the screenshot above (with the 2 red boxes) for an image of where to find these settings.
5. Copy the Client ID, Client Secret, and API Hostname into the Duo settings in the Multi Factor Authentication area of the ACP. There are other settings that you may wish to configure as well, such as which groups are allowed to use Duo and whether or not it "fails open" in the event that Duo is down and the users do not have alternative MFA factors configured.
6. Toggle Duo from "Disabled" to "Enabled" -- your members can now use Duo!

To manage which types of notifications are supported (push, SMS, phone call, passcode), edit the policy on the Duo dashboard.