In this article I will show you how to configure your Hypersocket product to use Duo Security two-factor authentication. Duo Security provides a number of options for two-factor authentication based around using your mobile phone as the authentication device.
Step 1 - Configure
You must have an account with Duo Security in order to use this authentication method. We use the DuoWeb authentication method, so your account should be set up and configured with the Web SDK Application type. When viewing the list of Applications you will find this towards the bottom of the list.
Once you have clicked "Protect this Application" you will be provided with a set of configuration options that you should copy into the Hypersocket Duo Authentication Settings.
Copy the Integration Key, Secret Key and API Hostname, then navigate to Authentication->Settings and paste each value into the corresponding field in the Duo tab.
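The three values copied above are easy to mis-paste (swapped keys, a stray newline, a full URL instead of a hostname). The following is an added example, not part of Hypersocket or Duo, that checks them before they are saved. The function name, the "DI" key prefix and the hostname pattern are assumptions based on the usual Duo formats; the sample values are constructed.

```python
import re

# Assumed formats: 20-char integration key starting "DI", 40-char secret key,
# hostname like api-xxxxxxxx.duosecurity.com. Compare with your Duo admin page.
IKEY_RE = re.compile(r"DI[A-Z0-9]{18}")
SKEY_RE = re.compile(r"[A-Za-z0-9]{40}")
HOST_RE = re.compile(r"api-[0-9a-f]{8}\.duosecurity\.com")


def check_duo_settings(ikey, skey, host):
    """Return a list of problems; values are never echoed into the messages."""
    problems = []
    fields = {"Integration Key": ikey, "Secret Key": skey, "API Hostname": host}
    for name, value in fields.items():
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
    ikey, skey, host = ikey.strip(), skey.strip(), host.strip()

    # A secret-shaped value in the key field (and vice versa) means a swap.
    if IKEY_RE.fullmatch(skey) and SKEY_RE.fullmatch(ikey):
        problems.append("Integration Key and Secret Key appear to be swapped")
    else:
        if not IKEY_RE.fullmatch(ikey):
            problems.append("Integration Key: expected 20 characters starting with DI")
        if not SKEY_RE.fullmatch(skey):
            problems.append("Secret Key: expected 40 alphanumeric characters")

    if "://" in host or "/" in host:
        problems.append("API Hostname: paste the bare hostname, not a URL")
    elif not HOST_RE.fullmatch(host.lower()):
        problems.append("API Hostname: expected api-xxxxxxxx.duosecurity.com")
    return problems


# Constructed sample values, not real credentials.
SAMPLE_IKEY = "DI" + "A1B2C3D4E5F6G7H8I9"
SAMPLE_SKEY = "s" * 40
SAMPLE_HOST = "api-0a1b2c3d.duosecurity.com"

if __name__ == "__main__":
    # Keys swapped, trailing space on one of them, and a URL pasted as the host.
    bad = check_duo_settings(SAMPLE_SKEY, SAMPLE_IKEY + " ", "https://" + SAMPLE_HOST)
    for line in bad:
        print("problem:", line)
```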
Finally, in order to use Duo in your authentication you need to add the Duo authentication module to one of your authentication flows. There are several flows, one for each different access type. For example, the Browser flow defines the logon process for the user logging on from a Browser. The Client flow defines the flow for a user logging on from the Hypersocket Client.
Navigate to Authentication->Schemes and select the Browser tab. Click on the Duo authentication module on the right-hand side to add it to the flow.
Once the flow is ready click Save to complete. You are now ready to log on using the Duo Mobile App.
Step 2 - Logging On
When a user who does not have a Duo profile on your account logs on for the first time, they will be prompted to set up Duo authentication.
The user should follow the prompts and install the application on their phone. This will involve using a QR code to register the phone.
Once installed, the user will be presented with the Duo form. In this case it indicates that it has automatically sent me a Duo Push notification, as this is the preference for the user account I am using.
Once the Duo Push notification has been completed, the logon will be redirected to the user's dashboard.
In this article we have configured a Duo account to use the Web SDK, taken its settings and configured Hypersocket with them. We also modified the authentication flow for the Browser to include the Duo authentication module, and then configured an account to log on using this mobile-based two-factor authentication module.