Setup

Resources

For information and setup help, see the following documentation:

Requirements

To use the connector, you'll need:

  • A configured Duo environment
  • A Duo user account to use for testing

Getting your application credentials

  1. In Duo, add an application. For help, see Protecting an application in the Duo documentation.
  2. Select PingFederate as the application type.
  3. Note your Client ID, Client secret, and API hostname. You'll use these in the connector configuration.
  4. Click Save.

Setting up the Duo connector configuration

In DaVinci, add a Duo connection. For help, see Adding a connector.

Connector configuration

Client ID
The Client ID that you noted in Getting your application credentials.
Client secret
The Client secret that you noted in Getting your application credentials.
API Hostname
The API hostname that you noted in Getting your application credentials.

Using the connector in a flow

Authenticating users with Duo multi-factor authentication


A screen capture of the complete MFA flow.

Complete the steps below to create a flow that asks the user to enter their username in an HTML form, uses the connector to redirect them to Duo, then shows the results on an HTML page.

Note:

Duo's Universal Prompt experience doesn't provide a "Cancel" option that would let the user exit MFA and return to the DaVinci flow. Because of this, it's possible for Duo to become a dead end in the user experience if they can't successfully complete MFA.

  1. Create a sign on form:
    1. In a new flow, add the HTTP connector and select the HTML Form capability. Select the node that appears in your flow.
      Note:

      In this example flow, we'll collect the username in a form. When you build your own flow, this is where you should add your first-factor authentication step.


      A screen capture of the HTML Form asking for a username.
      Tip:

      For help, see the HTTP connector.

    2. In the Title field, enter a title, such as Sign On.
    3. In the Fields List section, click Add.
    4. In the Property Name field, enter username.
    5. In the Display Name field, enter Username.
    6. In the Next Button Text field, enter Sign On.
    7. Click Apply.
  2. Redirect the user to Duo for MFA:
    1. Following your HTML Form node in your flow, add the Duo connector and select the Multi-factor authentication (MFA) capability. Select the node that appears in your flow.
    2. In the User ID field, click {} and select the username variable from your HTML Form node.

      An animated screen capture that shows the user inserting the username variable in the User ID field.
    3. (Optional) If you want the flow to show a Duo sign-on button rather than automatically redirecting the user to Duo, do the following:
      Note:

      This lets you include a Duo sign-on button alongside other sign-on options in an IDP Container connector or as part of a custom HTML page using an HTTP connector.

      1. Turn off Skip Button Press.
      2. In the Display Name field, enter the button text, such as Sign on with Duo.
      3. (Optional) In the CSS field, add CSS to customize the appearance of the prompt.
      4. (Optional) Turn on Show Powered By to display Powered by Ping Identity at the bottom of the prompt page.
    4. Click Apply.
  3. Show the response from Duo:
    1. Following your Multi-factor authentication (MFA) node, add an HTTP connector and select the Custom HTML Message capability. Select the node that appears in your flow.
      Note:

      In this example flow, we'll show the user the response from Duo. When you build your own flow, this is where you should redirect the user to the resource they originally wanted to access.

    2. In the Title field, enter Sign on complete.
    3. In the Message field, click {} and select the rawResponse variable from your Multi-factor authentication (MFA) node.

      An animated screen capture that shows the user inserting the rawResponse variable in the Message field.
    4. Click Apply.
  4. Test the flow.
    1. Click Save, Deploy, then Run.
    2. On the Sign On page, enter the username for your Duo test user account. Click Sign On.

      Result: The browser redirects to the Duo MFA experience, such as Universal Prompt.


      A screen capture of the Duo Universal Prompt experience.
    3. Complete the MFA process with Duo.

      Result: Duo shows a success message, then redirects the browser back to DaVinci.


      A screen capture showing the Universal Prompt success message.

      Your Custom HTML Message shows the complete response from Duo.


      A screen capture that shows the Custom HTML Message node with the raw response from Duo.

For help, see the Creating an authentication flow guide.

Capabilities

Multi-factor authentication (MFA)

Redirect to Duo for multi-factor authentication.

Properties
Username textField required
Duo MFA button
showPoweredBy toggleSwitch
skipButtonPress toggleSwitch
Input Schema
default object
username string required

Username

clientSecret string required
clientId string required
apiHostname string required

API Hostname

Output Schema
output object
rawResponse object
properties object
access_token string
id_token string
expires_in integer
token_type string
statusCode integer
headers object
properties object
server string
date string
content-type string
content-length string
connection string
cache-control string
pragma string
strict-transport-security string
content-security-policy string
tokens object
properties object
access_token string
id_token string
expires_in integer
token_type string
iss string
sub string
aud string
exp integer
iat integer
auth_time integer
auth_result object
properties object
result string
status string
status_msg string
auth_context object
properties object
txid string
timestamp integer
user object
properties object
name string
key string
groups array
application object
properties object
name string
key string
auth_device object
properties object
ip string
location object
properties object
city string
state string
country string
name string
access_device object
properties object
ip string
location object
properties object
city string
state string
country string
hostname null
epkey string
factor string
event_type string
result string
reason string
alias string
isotimestamp string
email string
ood_software null
preferred_username string
nonce string
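
The example flow above prints rawResponse, which carries access_token and id_token, and the note in step 3 says a real flow should continue to the protected resource at that point instead. The following added example (not Ping Identity or Duo code) shows both concerns on already-decoded claims: masking the tokens before anything is displayed or logged, and checking the aud, exp, preferred_username and auth_result fields before continuing. The function names, the sample values, the "allow" result string, and the placement of the claims at the top level of the object are assumptions.

```javascript
// Added example: field names come from the Output Schema above; sample
// values and the "allow" result string are constructed assumptions.
const SECRET_KEYS = new Set(["access_token", "id_token"]);

// Return a deep copy of the connector output with bearer tokens masked,
// so it can be shown on a results page or written to a log.
function redactForDisplay(value) {
  if (Array.isArray(value)) return value.map(redactForDisplay);
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SECRET_KEYS.has(k) ? "[redacted]" : redactForDisplay(v);
  }
  return out;
}

// Decide whether the flow may continue to the protected resource.
// Returns the list of failed checks; an empty list means all passed.
function checkDuoClaims(claims, expected, nowSeconds) {
  if (!claims || typeof claims !== "object") return ["no claims"];
  const failures = [];
  if (claims.aud !== expected.clientId) failures.push("aud mismatch");
  if (!Number.isInteger(claims.exp) || claims.exp <= nowSeconds) failures.push("expired");
  if (claims.preferred_username !== expected.username) failures.push("username mismatch");
  const result = claims.auth_result && claims.auth_result.result;
  if (result !== "allow") failures.push("auth_result not allow");
  return failures;
}

// Constructed sample shaped like the schema (not real Duo output).
const sample = {
  rawResponse: { access_token: "constructed-at", id_token: "constructed-idt",
                 expires_in: 3600, token_type: "Bearer" },
  aud: "EXAMPLE_CLIENT_ID", exp: 1700003600, iat: 1700000000,
  preferred_username: "testuser",
  auth_result: { result: "allow", status: "allow", status_msg: "constructed" },
};
const expected = { clientId: "EXAMPLE_CLIENT_ID", username: "testuser" };

console.log(checkDuoClaims(sample, expected, 1700000100));
console.log(JSON.stringify(redactForDisplay(sample.rawResponse)));
```

Compare preferred_username against the username the first-factor step collected, not against a value the browser can resubmit.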