Duo Security’s authentication platform secures access to Okta, extending two-factor protection to web applications launched from an Okta browser session.
Configuration on Duo
- Sign up for a Duo account.
- Log in to your Duo Admin Panel.
- On the left-side navigation panel, click Applications.
- In the top-right corner, click Protect an Application.
- In the search field, type okta and locate Okta in the applications list.
- To the right of Okta, click Protect. (See Getting Started for help.)
Your Okta details appear.
- Copy and save your Integration key, Secret key, and API hostname.
Configure Okta Authentication
- Log in to your Okta account as an administrator.
- Click Admin.
Click Security, and then click Multifactor.
Click on Duo Security.
In the Duo Security Settings section, click Edit.
Fill out the form with your Duo Okta application information as follows.
Integration Key Your integration key (for example, DIXXXXXXXXXXXXXXXXXX) Secret Key Your secret key API Hostname Your API hostname (for example, api-XXXXXXXX.duosecurity.com) Duo Username Format Select the name format used to log in to Okta.
While still viewing the Duo Security factory type, click Inactive and then select Activate to enable Duo.
On the menu at the top, click Security, and then click Authentication.
Click the Sign-on tab.
You can add a new rule for Duo Authentication to an existing Okta sign-on policy, or you can create a new policy for Duo and assign the policy to specific groups.
In this example, we explain how to turn on Duo for all users in the Default Policy.
Click Default Policy, and then click Add Rule.
The Add Rule window appears.
In the Rule Name field, enter a name for your new Duo rule (for example, Duo Authentication).
In the Exclude Users field, enter any users you do not want using Duo when logging in to Okta.
Select the Prompt for Factor check box to enable secondary authentication.
Select whether you want 2FA required Per Device, Every Time, or Per Session.
Choose your desired options for the other rule settings, and then click Create Rule.
The Okta sign-on policy shows your new Duo rule.
Contact Okta support if you have any questions about the integration or need assistance configuring your authentication and multi-factor settings. Contact Duo Support for assistance with the Duo service.
Test Your Setup
Okta prompts new, unenrolled Duo users to setup multi-factor authentication at the first login to Okta after Duo is enabled.
- Click Setup under Duo Security.
The Setup Duo Security window appears.
- Complete Okta's multi-factor setup by stepping through the prompts. For more information, see Duo enrollment.
- When Duo enrollment is completed, users can choose one of the Duo authentication options to access Okta.