Configuring Duo administrator account
- Go to https://duo.com/ to register for a Duo admin account.
- Verify your email and create a password.
-
Follow the instructions and download the Duo Mobile app to your smartphone and scan the barcode.
-
Your Duo protected account is now added to your smartphone app. Log in using the email and password that you created for the account.
-
Click Duo Push.
-
Tap to view actions in your smartphone and click Approve to confirm your identity .
-
You are directed to the Duo Admin Panel > Applications > Protect an Application.
-
Enter or locate "Web SDK" and click Protect.
-
Copy the "Client ID", the "Client secret" and the "API hostname".
-
Go to the hosted PBX portal and open the DUO Integration application.
-
Under the "Settings" tab, paste the keys as shown:
-
Click Save.
Important
As the account administrator, you can manage your account at https://admin.duosecurity.com/ where you can add further Duo security policies and restrictions, link Duo to a group of users and so on in the Duo online security portal. For more information, see the official Duo guides Documentation.
Configuring hosted PBX authentication (users)
-
In hosted PBX portal https://portal.hostedpbx.ie/, go to the app exchange and enable the app Authentication.
-
Open the Authentication app and click the "User Authentication" tab.
-
Enable MFA authentication; also use the second toggle to choose if you want to provide MFA for sub-accounts.
-
Select Duo as the provider.
-
Click Save.
Setting up Duo MFA to log in to hosted PBX (users)
- Log out of the hosted PBX portal and log back in.
- At the prompt click Start Setup and check the box for "Mobile Phone".
-
Enter your phone number with parenthesis around the area code as shown.
-
Download the Duo Mobile app or click I have Duo Mobile.
-
Select if you want a choice of how to verify each time or if you want to tap to verify every time.
-
Next time you log in, you will simply verify using your mobile.
Duo administrators and users
Info
Links in the table are not maintained, refer directly to Duo docs for the latest information.
Duo "administrators" and Duo "users" require separate activation for Duo Mobile. After activating, the Duo Admin account will be labeled "DUO ADMIN" in Duo Mobile and the Duo User account will be labeled "DUO-PROTECTED" in Duo Mobile.
Administrator Accounts | User Accounts |
---|---|
Used exclusively for login to the Duo Admin Panel Activating Duo Mobile for a Duo Admin | Used to log in to Duo-protected applications Activating Duo Mobile for a User |
Does not count against user licenses | Does count against user licenses |
Can contact Duo Support | Cannot contact Duo Support; work with your organization's Duo Help Desk team or administrator |
One SMS code per request that always expires after 5 minutes | Up to 10 passcodes per request (as set by your Duo admin) that have a configurable expiration setting |
An email address can only be associated with one Duo administrator account. | An email address can be associated with multiple Duo user accounts. |
Even though not recommended, 2FA devices (including hardware tokens) can be shared between Duo administrator accounts, however, a Duo admin cannot have multiple phone numbers or multiple hardware tokens attached. Use of Duo Mobile between shared accounts will require reactivation after assigning the shared device to another Duo admin. More information here | Can share 2FA devices between user accounts. This includes many users:many devices and many devices:many users. Please note Duo's one-to-many object limits. In order to authenticate with a shared 2FA device, users adding the shared device via the self-service portal or device management portal will be asked to verify ownership of the device using an allowed 2FA method. |
Note
MFA with Duo is currently only free for 10 users or less and limited number of text messages.
Add second device user device
If you have a DUO MFA price plan a user can manage their own devices. If that's enabled the user can add a second device themselves. Users can have up to two phones with Push notifications. For more information, see Duo documentation.
Enroll a second user device (DUO admin):
- Go to Admin Panel -> Users -> Select User.
- Scroll down and select "Add Phone".
- Select "Tablet".
- Enter a name for the device and click "Activate Duo Mobile" -> "Generate Duo Mobile Activation Code".
- Enter the mail address of the user and send the e-mail.
Important
Make sure you select "Tablet" or it will only give you an option to SMS.