Duo Authentication Security Beat
Version 6.0.5
Overview
Duo provides modern access security designed to safeguard all users, devices, and applications. It also adds an extra layer for authentication via two-factor authentication or multi-factor authentication. For the full list of named devices and applications, see Duo documentation.
Prerequisites
- A Duo Security account. For more information on creating a Duo account, see Duo documentation on getting started.
- A DMZ server that provides perimeter network security. For more information on DMZ server requirements, see the Deploy a DMZ server documentation.
Configuration
The configuration for Duo varies from application to application. Duo also provides SAML connectors for enterprise cloud applications, including Google G Suite, AWS, Box, Salesforce, and Microsoft Office 365. For a full list of supported cloud applications, see Duo documentation.
For instructions on how to connect Duo to Okta, see Connect Okta.
Types of Logs
Meet compliance standards and identify security risks with Duo’s detailed logs. Duo logs are accessible through your admin panel. You can search and export the logs manually via CSV file, or in real-time to your log management or SIEM systems via our REST API.
Authentication Logs
Authentication logs show you where and how users authenticate. These logs typically include usernames, location, time, type of authentication factor and more. Normalize user patterns so you can identify abnormal activity.
Administrator Logs
Administrator log events let you track the username, time and type of administrator activity, including groups, user, integration and device management. Identify any major admin changes and suspicious activity.
Telephony Logs
Telephony logs give you insight into the type of telephony event (SMS or phone), phone numbers, and the number of telephony credits used, ensuring you don’t run out of credits.
Offline Enrollment Logs
Offline enrollment logs return a list of Duo Authentication for Windows Logon offline enrollment events ranging from the last 180 days up to as recently as two minutes before the API request. There is an intentional two minute delay in availability of new authentications in the API response.
Log Collection Method
We support log collection via API calls or directly from the Duo Admin Panel.