This topic provides instructions on how to configure the Duo app and how to provision the users from WSO2 Identity Server. See the following sections for more information.
...
- Go to https://duo.com and click free signup and register.
- Log in to Duo Security. Click Applications from the left panel and click the Protect an Application button.
In the Protect an Application page, select Admin API from the list.
Warning Important : If you can not see the type “Admin API” in the dropdown, contact the Duo team through support@duosecurity.com and ask for Admin API permission.
- Once the Integration is created, you are given a Secret key and an Integration key for your integration. You can use these along with your Duo host when accessing duo security APIs.
- Make sure to enable "Grant Write Resource" permission to provisioning the users. Check the Admin API application settings in the Duo Admin Panel (Applications > Admin API, scroll down to Settings section > Permissions).
Configuring user claim
- Log into the WSO2 Identity Server Management Console by entering your username and password.
- In the Main menu, click Add under Claims.
- Click Add New Claim.
- Select the Dialect from the dropdown provided and enter the required information.
- Add the following user claims under ' http://wso2.org/claims' .
...
Deploying Duo artifacts
To download the authenticator and artifacts, go to the WSO2 store.
Place the provisioning connector .jar file (org.wso2.carbon.extension.identity.provisioning.connector.duo-1.0x.1x
.jar
) into the<IS_HOME>/repository/components/dropins
directory.Note If you want to upgrade the Duo Provisioning Authenticator in your existing IS pack, please refer upgrade instructions.
- Place the
okio-1.9.0.jar
into the<IS_HOME>/repository/components/lib
directory.
...