Duo Security’s authentication platform secures access to Okta, extending two-factor protection to web applications launched from an Okta browser session.

You may need to contact Okta Support to have the Duo multi-factor option enabled for your account before you can complete setup.


Configuration on Duo

  1. Sign up for a Duo account.
  2. Log in to your Duo Admin Panel.
  3. On the left-side navigation panel, click Applications.
  4. In the top-right corner, click Protect an Application.
  5. In the search field, type okta and locate Okta in the applications list. 
  6. To the right of Okta, click Protect. (See Getting Started for help.)

    Your Okta details appear.
  7. Copy and save your Integration key, Secret key, and API hostname.



Configure Okta Authentication

  1. Log in to your Okta account as an administrator.
  2. Click Admin.
  3. Click Security, and then click Multifactor.

  4. Click on Duo Security.

  5. In the Duo Security Settings section, click Edit.

    If you don't see Duo Security listed, contact Okta Support to have it enabled on your account.


  6. Fill out the form with your Duo Okta application information as follows.

    Integration Key: Your integration key (for example, DIXXXXXXXXXXXXXXXXXX)
    Secret Key: Your secret key
    API Hostname: Your API hostname (for example, api-XXXXXXXX.duosecurity.com)
    Duo Username Format: Select the name format used to log in to Okta.
  7. Click Save.

  8. While still viewing the Duo Security factor type, click Inactive and then select Activate to enable Duo.

  9. On the menu at the top, click Security, and then click Authentication.

  10. Click the Sign-on tab.

    You can add a new rule for Duo Authentication to an existing Okta sign-on policy, or you can create a new policy for Duo and assign the policy to specific groups.

  11. In this example, we explain how to turn on Duo for all users in the Default Policy.

  12. Click Default Policy, and then click Add Rule.

    The Add Rule window appears.

  13. In the Rule Name field, enter a name for your new Duo rule (for example, Duo Authentication).

  14. In the Exclude Users field, enter any users you do not want using Duo when logging in to Okta.

  15. Select the Prompt for Factor check box to enable secondary authentication.

  16. Select whether you want 2FA required Per Device, Every Time, or Per Session. 

  17. Choose your desired options for the other rule settings, and then click Create Rule.

  18. The Okta sign-on policy shows your new Duo rule.
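
Once the rule exists, it is worth checking how it sits among the other rules in the policy, because rules are evaluated in priority order and users listed in Exclude Users fall through to later rules. The following is an added example, not part of the original guide or of Okta's or Duo's own tooling: it audits a list of sign-on rules exported as JSON. The field names (`requireFactor`, `factorPromptMode`, `conditions.people.users.exclude`) are assumed to follow the Okta Policy API sign-on rule object, and the rule data and user ID are constructed.

```python
# Added example: audit Okta sign-on policy rules exported as JSON.
# Field names are assumed to match the Okta Policy API sign-on rule object;
# confirm them against your own tenant's export. SAMPLE_RULES is constructed.

# API prompt mode -> label used in the Add Rule window
MODES = {"ALWAYS": "Every Time", "DEVICE": "Per Device", "SESSION": "Per Session"}

SAMPLE_RULES = [
    {"name": "Legacy VPN", "status": "ACTIVE", "priority": 1,
     "conditions": {"people": {"users": {"exclude": []}}},
     "actions": {"signon": {"access": "ALLOW", "requireFactor": False}}},
    {"name": "Duo Authentication", "status": "ACTIVE", "priority": 2,
     "conditions": {"people": {"users": {"exclude": ["00u-breakglass"]}}},
     "actions": {"signon": {"access": "ALLOW", "requireFactor": True,
                            "factorPromptMode": "SESSION"}}},
    {"name": "Default Rule", "status": "ACTIVE", "priority": 3,
     "conditions": {"people": {"users": {"exclude": []}}},
     "actions": {"signon": {"access": "ALLOW", "requireFactor": False}}},
]

def audit_rules(rules):
    """Return (rule name, finding) tuples for active rules, in priority order."""
    findings = []
    mfa_seen = False
    for rule in sorted(rules, key=lambda r: r.get("priority", 0)):
        if rule.get("status") != "ACTIVE":
            continue  # inactive rules are never evaluated
        name = rule["name"]
        signon = rule.get("actions", {}).get("signon", {})
        excluded = (rule.get("conditions", {}).get("people", {})
                    .get("users", {}).get("exclude", []))
        if signon.get("access") == "ALLOW" and not signon.get("requireFactor"):
            where = "after" if mfa_seen else "before"
            findings.append((name, f"allows sign-on without a factor ({where} the MFA rule)"))
        elif signon.get("requireFactor"):
            mfa_seen = True
            mode = MODES.get(signon.get("factorPromptMode", ""), "unknown mode")
            findings.append((name, f"prompts for factor: {mode}"))
            for user in excluded:
                findings.append((name, f"excludes {user}; user falls through to later rules"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

A no-factor rule reported as "before the MFA rule" can match users first and skip Duo for them; one reported as "after" is where excluded users end up.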



For more information on Okta security policies, see the Okta help center documentation on Security Policies or Duo Security for MFA.

Contact Okta support if you have any questions about the integration or need assistance configuring your authentication and multi-factor settings. Contact Duo Support for assistance with the Duo service.


Test Your Setup

Okta prompts new, unenrolled Duo users to set up multi-factor authentication at the first login to Okta after Duo is enabled.

  1. Click Setup under Duo Security.

    The Setup Duo Security window appears.
  2. Complete Okta's multi-factor setup by stepping through the prompts. For more information, see Duo enrollment.
  3. When Duo enrollment is completed, users can choose one of the Duo authentication options to access Okta.