DUO

Duo is a cloud based service that provides multifactor authentication to applications and services. Multi-factor authentication verifies identities via a second factor, such as an application push to your Duo-registered smartphone. Duo works by exchanging encrypted keys between the client, server and secondary factor when authenticating. This prevents unauthorized persons from gaining access even if they have obtained a valid password.

It is highly recommend that sensitive and protected University data be secured by multi-factor authentication. Data that could compromise the University’s reputation, property, employees, students, or interests if stolen is a strong candidate for Duo.

Click here to review the University data classification policy.

Cost

OU IT provides this service for FREE to all campus users.

Availability

Duo can be integrated into many cloud based or locally hosted applications. The Duo website (https://duo.com/) provides a list of specific applications they have integrated with along with very detailed instructions.

For applications not specified, Duo can also protect local and remote (SSH) logins on Unix systems, SSL or IPSec VPN Logins, other VPNs and remote access solutions that support RADIUS authentication, Microsoft services like RDP or OWA, any device or system that supports authentication via LDAP, or our own web applications.

Features

Secondary Authentication Options:

  • iPhone & iPad
  • Android Phone & Tablets
  • BlackBerry Phones & Tablets
  • Windows Phones & Tablets
  • Cell Phones & Landlines
  • Hardware Tokens (ex. Yubikey)

Mobile Device Notifications:

  • Push notification options are available for secondary authentication on smartphones and tablets by installing the free Mobile app available for both iOS and Android.

Duo Multi-Factor Integration Example:

  • When a user opens a browser to log onto a website created with Python they will reach the same login page they are accustomed to and will proceed to login. A HMAC-SHA1 signed request is generated from the username, with an integration key provided from Duo, as well as a timestamp. After they enter valid credentials the browser displays an iframe which will prompt the user for the secondary factor. The communication of the user to the server through the iframe is handled by JavaScript provided by Duo. The selection of the secondary factor type is presented and selected by the user which is sent as a POST to the server. The secondary factor could be an SMS text message with a code, a phone call with a code, or most conveniently, a push notification. When the secondary factor is authenticated the iframe generates a signed response which it will POST to the server for validation of the legitimate response. A final function takes the integration key, secret key, integration key, the signed response and returns the username if everything is validated.

Related Articles

Self Help

Services Alerts

Check Alerts Subscribe

Can't find what you're looking for?

Contact Us
 
 
Request Service

Details

Service ID: 94
Created
Fri 6/19/20 9:37 AM
Modified
Thu 10/29/20 9:33 AM