![]() IdentityNow Duo Web IntegrationĬomplete the following step to integrate Duo Web in IdentityNow: You are now ready to integrate Duo Web in IdentityNow. For security purposes, the user does not have the opportunity to enroll in Duo during password resets. If a user has not enrolled in Duo or has not registered a device, the Duo password reset methods will not be displayed. Your users must register at least one device in Duo to use these features. The akey is autogenerated for you.Ĭertain Duo configuration options might affect your users' experience in IdentityNow, as follows:ĭisabling a user in Duo causes the Duo authentication options to be disabled in IdentityNow for the user. You will be asked to provide your integration key, secret key, and API hostname later when configuring your Duo Web integration in IdentityNow. Select Protect this Application, and save the following information that is generated by Duo: Duo should prompt the user to authenticate their identity every time.įor information about Duo's policy and user administration settings, see Duo Policy & Control and Duo Admin - Managing Users. To ensure proper configuration, test Password Reset with a test user account, then immediately repeat the reset action by the same user. NEVER set the Authentication policy to Bypass 2FA.įailure to follow these best practices can result in users bypassing Duo security. The integration name is important because it shows up in the Duo Push request sent when a user authenticates with Duo.ĭO NOT apply a Remembered Devices policy to the SailPoint Web application.ĭO NOT apply a New Users policy, Authentication policy, Authorized Networks, or User Location policy that allows access without two-factor authentication to the SailPoint Web application. (Optional) Change the integration name to a custom name configured for your organization. ![]() See Duo - Protecting Applications for more information.īe sure to incorporate the following settings and best practices in Duo for strong, two-factor authentication: In the Duo Admin Panel, navigate to Applications > Protect an Application, and select SailPoint Web. Duo Web Setup and ConfigurationĬomplete the following steps to set up and configure Duo Web: Set up and configure Duo Web, and then enable Duo Web Integration in IdentityNow. See Duo 2FA for SailPoint IdentityNow for more information. Please use the mobile browser instead.įor strong authentication, you must use Duo Security.Ĭonfiguring IdentityNow to use Duo Web for authentication requires a certain amount of work outside of the IdentityNow admin interface. The IdentityNow mobile app does not support password reset or unlocks for end users authenticating via Duo Web at this time. This best practice is implemented in IdentityNow using the Two-Factor Authentication feature. Duo’s recommended best practice for IdentityNow Password Reset is found here: Configure the Duo Web Integration in IdentityNow. Using Duo Web allows IdentityNow to embed iFrames and provide an improved user experience for password resets and account unlocks. ![]() To use Duo for password resets and account unlocks in IdentityNow, you must set up and configure Duo Web.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |