DUO: Configuration for SSO and End-User Verification

Introduction

DUO (https://duo.com) is a popular identity verification platform. You can use it in MSP Process to acheive two goals:

  • To secure the login process of anyone looking to access your MSP Process account at https://app.mspprocess.com. This capability requires the DUO Web SDK to be configured.
  • During the end-user verification process; DUO can be used instead of sending the user a verification code via e-mail or SMS. This capability requires the DUO Auth API and Admin API to be configured.

This guide will take you through all of the steps required to link MSP Process to your DUO environment, which includes setting up 3 entities in DUO (their Web SDK, Auth API, and Admin entities) and configuring the appropriate settings within MSP Process.

Step 1: Configuring the Web SDK Entity in DUO

What is the DUO Web SDK? The Duo Web SDK adds the two-factor authentication screens and workflow to the MSP Process login flow.

How is the Web SDK Used? This module only needs to be setup if you want to use DUO to secure how you and your techs login to the MSP Process platform. It is not required if you only plan on using DUO for End-User Verification.

  1. Login to the DUO Admin portal (https://admin.duosecurity.com/)
  2. From the left-hand menu, navigate to Application -> Protect an Application
  3. Search for "Web SDK" in the Search field
  4. Click on the Protect button beside Web SDK
  5. In the Details section, copy the Client ID, Client Secret and API Hostname; you'll need them later
  6. In the Settings section, change Name field to say "MSP Process"
  7. Click Save

Step 2: Configuring the Auth API Entity in DUO

What is the DUO Auth API? The DUO Auth API is a low-level, RESTful API for adding strong two-factor authentication to the MSP Process website.

  1. If you're already logged into the DUO Admin portal, proceed to step #2. Otherwise, please login to the DUO Admin portal (https://admin.duosecurity.com/)
  2. From the left-hand menu, navigate to Application -> Protect an Application
  3. Search for "Auth API" in the Search field
  4. Click on the Protect button beside DUO Auth API
  5. In the Details section, copy the Integration Key, Secret Key and API Hostname; you'll need them later
  6. In the Settings section, change Name field to say "Auth API for MSP Process"
  7. Click Save

Step 3: Configuring the Admin API Entity in DUO

What is the DUO Admin API? The DUO Admin API is a low-level, RESTful API for querying DUO for information about objects, such as end users.

  1. If you're already logged into the DUO Admin portal, proceed to step #2. Otherwise, please login to the DUO Admin portal (https://admin.duosecurity.com/)
  2. From the left-hand menu, navigate to Application -> Protect an Application
  3. Search for "Admin API" in the Search field
  4. Click on the Protect button beside DUO Admin API
  5. In the Details section, copy the Integration Key, Secret Key and API Hostname; you'll need them later
  6. In the Settings section, change Name field to say "Admin API for MSP Process"
  7. In the Permissions section, assign the Grant read resource permission
  8. Click Save

Step 4: Configuring MSP Process to Use DUO

  1. Login to the MSP Process portal (https://app.mspprocess.com)
  2. Navigate to Integrations -> Security Integrations
  3. Click the Add new integration button

     4. Click the DUO Auth API button; specify a name, and then enter the Integration Key, Secret Key and API Hostname from Step #2. Click Submit when             you're done.

     5. Repeat steps 3 and 4 for the DUO Admin and DUO Web SDK feature 

 

Congratulations! You're Done!

You've now setup the required entities in DUO, and configured MSP Process with the information it needs to start using DUO to secure the login process to your MSP Process UI, and to perform end-user verification.