Enable MFA with DUO Security
Duo provides an additional layer of security for your applications, services, or websites. After a successful password-level authentication, you approve a secondary authentication request through the Duo Mobile app, an SMS passcode, or a phone call.
1. To start, browse to https://signup.duo.com/ and provide the details requested. If you are representing a company, provide its employee count. There is another check box for MSP, Reseller, and Partner.
2. Next, you will receive a verification link at the email address you provided; accept it to confirm your identity.
3. After accepting the request by email, you become the owner of the newly created organization by default.
4. The next step is to set a password for your account and install the Duo Mobile app to scan the QR code, which adds the account automatically. Provide a mobile number as a backup option.
5. Now log in to the Admin console with the new password; the second factor can be a Duo Push to the mobile app, a passcode, or an OTP via SMS.
6. Once your identity is confirmed, you will see the Admin dashboard. Go to the Applications section and search for the application you want to integrate.
7. In our case, I am setting up 2FA for a WordPress site, so I selected WordPress from the list. Click Protect.
8. Before logging in to the WordPress site, check that the account has permission to log in. If that account does not exist, add it in the Duo Admin panel as an administrator. I added another account as the WordPress admin user with an email address and phone number.
9. The WordPress admin user will receive an invitation link from Duo, which they must accept to set up their account in the Duo Admin console along with the Duo app. This is how the WordPress admin user is set up on the Duo Admin portal.
10. The WordPress admin user then logs in to the WordPress site. From the Dashboard, go to the Plugins section and install the Duo two-factor plugin. It will take about 10 minutes to install and activate it manually.
11. After activation, click on the plugin's settings.
12. Copy and paste the Integration key, Secret key, and API hostname. You will find these in the Duo Admin console –> Dashboard –> Applications –> WordPress. Save changes.
13. Now we are almost done with the setup; what remains is the user enrollment process. Log in to WordPress with the WordPress admin account and it will prompt you to set up two-factor authentication. Choose Duo Push, Text Me, or Enter a Passcode.
14. The process in the previous steps is specific to a WordPress website. For other services, websites, or applications, refer to Duo's documentation for the integration.
15. Below are a few points I have not covered, to keep the demo simple to understand. These points can be revisited later.
- I have shown the trial version, which is valid for 30 days. After 30 days, if you have not purchased a license, it converts to the free edition, which allows 10 users. Other than Duo Free, you can opt for the Duo MFA, Duo Access, and Duo Beyond plans.
- From your application server, you need outbound connectivity on port 443 to the Duo Security cloud (the API hostname from step 12).
- There is an additional section where you set policies for your application to control how users authenticate, from which locations, and from which devices. You can go with the default Global Policy or modify it to suit your organization's needs.
- You can sync your organization's Active Directory users with Duo for SSO. I have shown authentication with an administrator-level account, but regular users authenticate the same way with the application, service, or website.
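As an added example (not code from this post, from Duo, or from the WordPress plugin), the following Python shows what the plugin does with the three values from step 12 and why the outbound port-443 rule matters: it signs a request to Duo's Auth API `/auth/v2/check` endpoint using the request-signing scheme Duo publishes for its client libraries as I understand it (integration key as the HTTP Basic username, HMAC-SHA1 of a canonical request string under the secret key as the password) and, only if real values are supplied through the environment variables `DUO_API_HOST`, `DUO_IKEY` and `DUO_SKEY` (names chosen here), makes the HTTPS call. The key and hostname constants in the block are constructed placeholders, not real credentials.

```python
"""Sign a Duo Auth API request with the Integration key, Secret key and API
hostname that the WordPress plugin asks for.  Added example, not Duo's code."""
import base64
import hashlib
import hmac
import json
import os
import urllib.parse
import urllib.request
from email.utils import formatdate

# Placeholder values (constructed for this example; not real Duo keys).
# Real values come from Duo Admin console -> Applications -> WordPress.
DEMO_IKEY = "DIXXXXXXXXXXXXXXXXXX"
DEMO_SKEY = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
DEMO_HOST = "api-XXXXXXXX.duosecurity.com"


def canonicalize(date, method, host, path, params):
    """Canonical string Duo signs: date, method, lowercase host, path and the
    query/form parameters sorted by name and percent-encoded."""
    canon_params = "&".join(
        f"{urllib.parse.quote(k, safe='~')}={urllib.parse.quote(v, safe='~')}"
        for k, v in sorted(params.items())
    )
    return "\n".join([date, method.upper(), host.lower(), path, canon_params])


def sign(ikey, skey, method, host, path, params, date=None):
    """Return the Date and Authorization headers for a Duo API request.

    The secret key never leaves this host: only an HMAC over the canonical
    string is sent, as the password half of HTTP Basic authentication.
    """
    date = date or formatdate(usegmt=True)
    canon = canonicalize(date, method, host, path, params)
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    basic = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {basic}"}


def check_credentials(host, ikey, skey, timeout=10):
    """GET /auth/v2/check: succeeds only if the three values are correct and
    outbound HTTPS (TCP 443) from this server to the API hostname works."""
    path = "/auth/v2/check"
    headers = sign(ikey, skey, "GET", host, path, {})
    req = urllib.request.Request(f"https://{host}{path}", headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    host = os.environ.get("DUO_API_HOST")
    ikey = os.environ.get("DUO_IKEY")
    skey = os.environ.get("DUO_SKEY")
    if host and ikey and skey:
        # Live check from the application server; exercises the port-443 path.
        print(json.dumps(check_credentials(host, ikey, skey), indent=2))
    else:
        # Offline demonstration with the placeholder values above.
        hdrs = sign(DEMO_IKEY, DEMO_SKEY, "GET", DEMO_HOST, "/auth/v2/check", {})
        print(canonicalize(hdrs["Date"], "GET", DEMO_HOST, "/auth/v2/check", {}))
        print(hdrs)
```

Run it on the WordPress server itself: a timeout or connection error from `check_credentials` points at the outbound port-443 rule, while an HTTP 401 points at a wrong key or hostname. Treat the secret key exactly like a password; it is the only thing standing between an attacker who has your integration key and the ability to talk to the API as your application, so keep it out of version control and backups of `wp-config.php` that are not encrypted.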
I hope this demo is easy to understand and that you can test it from your end.