Configure Duo Security Settings

If you have implemented or want to implement Duo Security as a third-party multi-factor authentication (MFA) solution, and Oracle Identity Cloud Service manages your primary authentication and identity management, you can connect to and integrate with Duo to secure Oracle IaaS, PaaS, or SaaS applications or to secure applications already secured by Oracle Identity Cloud Service.

Prerequisites

• Enable Duo. This is Standard License feature. To learn about these features, see Standard License Tier Features for Oracle Identity Cloud Service.
• Download and install the Duo Mobile app from the Google Play Store or the Apple Store.

1. Subscribe to Duo and a create a Duo administrator account.

   Go to https://duo.com/ to set up your subscription and to set up your Duo administrative account. Refer to the Duo documentation for the latest instructions.

2. Create and activate the Duo-protected Web SDK app.
   To create and activate the Duo-protected Web SDK app, refer to the Duo documentation for the latest instructions.
3. Note the credentials and connecting host information.

   These values were generated when you created and activated the Duo-protected Web SDK app. You need the values for Integration key, Secret key, and API hostname. Refer to the Duo documentation for the latest instructions.

4. In the Oracle Identity Cloud Service console, expand the Navigation Drawer, click Security, Factors. and then Duo Security.
5. Enter the credentials and connecting host information (Integration key, Secret key, and API hostname) that was generated from your Duo Administrative account, and then choose a User Identifier.
   The User Identifier that you choose must map to the user identifier set in the Duo user account. For example, User Name in the Oracle Identity Cloud Service user account must map to Username in the Duo security user account.
6. In the Oracle Identity Cloud Service console, expand the Navigation Drawer, click Security, MFA, turn on Duo Security, and then click Save.
   You may have to log out and log in again to see Duo Security.

Post Requirement: Understand the user Duo enrollment workflow.

1. User accesses the login screen.

2. Duo Security prompts the user to enroll.

3. Duo sends the User a notification asking them to enroll in Duo. Options are PUSH, TOTP, SMS, or SECURITY_QUESTIONS.

4. User accepts the enrollment verification.

5. User is created in Duo.

6. Optional. User sets up an additional factor. Options are PUSH, TOTP, SMS, or SECURITY_QUESTIONS. Or click Done.

7. User is logged in to Oracle Identity Cloud Service.

8. User can now use Duo Security MFA factors to sign in to Oracle Identity Cloud Service.