Updating the Authentication Factor Settings with Duo Security Settings
The following example shows how to update Multi-Factor Authentication settings for a tenant by submitting a PUT request on the REST resource using cURL. For more information about cURL, see Use cURL.
cURL Command
Note:
The command in this example uses the URL structurehttps://tenant-base-url/resource-path,
where
tenant-base-url
represents the Identity Service URL, and the resource path represents the Identity Service API. See
Send Requests for the appropriate URL structure to use.
curl
-X PUT
-H "Content-Type:application/scim+json"
-H "Authorization: Bearer <Access Token Value>"
https://tenant-base-url/admin/v1/AuthenticationFactorSettings/<ID>
Example of Request Body
The following shows an example of the request body in JSON format:
{
"bypassCodeSettings": {
"helpDeskCodeExpiryInMins": 60,
"helpDeskGenerationEnabled": true,
"helpDeskMaxUsage": 5,
"length": 12,
"maxActive": 5,
"selfServiceGenerationEnabled": true
},
"clientAppSettings": {
"deviceProtectionPolicy": "NONE",
"initialLockoutPeriodInSecs": 30,
"keyPairLength": 2048,
"lockoutEscalationPattern": "Constant",
"maxFailuresBeforeLockout": 10,
"maxFailuresBeforeWarning": 5,
"maxLockoutIntervalInSecs": 86400,
"minPinLength": 6,
"policyUpdateFreqInDays": 7,
"requestSigningAlgo": "SHA256withRSA",
"sharedSecretEncoding": "Base32",
"unlockAppForEachRequestEnabled": false,
"unlockAppIntervalInSecs": 300,
"unlockOnAppForegroundEnabled": false,
"unlockOnAppStartEnabled": false
},
"compliancePolicy": [
{
"action": "Allow",
"name": "lockScreenRequired",
"value": "false"
},
{
"action": "Allow",
"name": "lockScreenRequiredUnknown",
"value": "false"
},
{
"action": "Allow",
"name": "jailBrokenDevice",
"value": "false"
},
{
"action": "Allow",
"name": "jailBrokenDeviceUnknown",
"value": "false"
},
{
"action": "Allow",
"name": "minWindowsVersion",
"value": "8.1"
},
{
"action": "Allow",
"name": "minIosVersion",
"value": "7.1"
},
{
"action": "Allow",
"name": "minAndroidVersion",
"value": "4.1"
},
{
"action": "Allow",
"name": "minIosAppVersion",
"value": "4.0"
},
{
"action": "Allow",
"name": "minAndroidAppVersion",
"value": "8.0"
},
{
"action": "Allow",
"name": "minWindowsAppVersion",
"value": "1.0"
}
],
"endpointRestrictions": {
"maxEndpointTrustDurationInDays": 15,
"maxEnrolledDevices": 5,
"maxTrustedEndpoints": 5,
"trustedEndpointsEnabled": true,
"maxIncorrectAttempts": 10
},
"id": "AuthenticationFactorSettings",
"mfaEnrollmentType": "Required",
"pushEnabled": false,
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorSettings"
],
"thirdPartyFactor": {
"duoSecurity": true
},
"notificationSettings": {
"pullEnabled": true
},
"urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings": {
"duoSecuritySettings": {
"integrationKey": "XXXXXXXXXXXXXXXXXXXX",
"secretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"apiHostname": "api-example.duosecurity.com",
"userMappingAttribute": "userName"
}
},
"securityQuestionsEnabled": false,
"smsEnabled": false,
"emailEnabled": false,
"bypassCodeEnabled": false,
"totpEnabled": false,
"totpSettings": {
"hashingAlgorithm": "SHA1",
"jwtValidityDurationInSecs": 300,
"keyRefreshIntervalInDays": 60,
"passcodeLength": 6,
"smsOtpValidityDurationInMins": 10,
"smsPasscodeLength": 6,
"timeStepInSecs": 30,
"timeStepTolerance": 3,
"emailOtpValidityDurationInMins": 10,
"emailPasscodeLength": 6
},
"mfaEnabledCategory": "NONE"
}
Example of Response Body
The following example shows the contents of the response body in JSON format:
{
"bypassCodeSettings": {
"helpDeskCodeExpiryInMins": 60,
"helpDeskGenerationEnabled": true,
"helpDeskMaxUsage": 5,
"length": 12,
"maxActive": 5,
"selfServiceGenerationEnabled": true
},
"clientAppSettings": {
"deviceProtectionPolicy": "NONE",
"initialLockoutPeriodInSecs": 30,
"keyPairLength": 2048,
"lockoutEscalationPattern": "Constant",
"maxFailuresBeforeLockout": 10,
"maxFailuresBeforeWarning": 5,
"maxLockoutIntervalInSecs": 86400,
"minPinLength": 6,
"policyUpdateFreqInDays": 7,
"requestSigningAlgo": "SHA256withRSA",
"sharedSecretEncoding": "Base32",
"unlockAppForEachRequestEnabled": false,
"unlockAppIntervalInSecs": 300,
"unlockOnAppForegroundEnabled": false,
"unlockOnAppStartEnabled": false
},
"compliancePolicy": [
{
"action": "Allow",
"name": "lockScreenRequired",
"value": "false"
},
{
"action": "Allow",
"name": "lockScreenRequiredUnknown",
"value": "false"
},
{
"action": "Allow",
"name": "jailBrokenDevice",
"value": "false"
},
{
"action": "Allow",
"name": "jailBrokenDeviceUnknown",
"value": "false"
},
{
"action": "Allow",
"name": "minWindowsVersion",
"value": "8.1"
},
{
"action": "Allow",
"name": "minIosVersion",
"value": "7.1"
},
{
"action": "Allow",
"name": "minAndroidVersion",
"value": "4.1"
},
{
"action": "Allow",
"name": "minIosAppVersion",
"value": "4.0"
},
{
"action": "Allow",
"name": "minAndroidAppVersion",
"value": "8.0"
},
{
"action": "Allow",
"name": "minWindowsAppVersion",
"value": "1.0"
}
],
"endpointRestrictions": {
"maxEndpointTrustDurationInDays": 15,
"maxEnrolledDevices": 5,
"maxTrustedEndpoints": 5,
"trustedEndpointsEnabled": true,
"maxIncorrectAttempts": 10
},
"id": "AuthenticationFactorSettings",
"mfaEnrollmentType": "Required",
"pushEnabled": false,
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorSettings"
],
"thirdPartyFactor": {
"duoSecurity": true
},
"notificationSettings": {
"pullEnabled": true
},
"urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings": {
"duoSecuritySettings": {
"integrationKey": "XXXXXXXXXXXXXXXXXXXX",
"secretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"apiHostname": "api-example.duosecurity.com",
"userMappingAttribute": "userName"
}
},
"securityQuestionsEnabled": false,
"smsEnabled": false,
"emailEnabled": false,
"bypassCodeEnabled": false,
"totpEnabled": false,
"totpSettings": {
"hashingAlgorithm": "SHA1",
"jwtValidityDurationInSecs": 300,
"keyRefreshIntervalInDays": 60,
"passcodeLength": 6,
"smsOtpValidityDurationInMins": 10,
"smsPasscodeLength": 6,
"timeStepInSecs": 30,
"timeStepTolerance": 3,
"emailOtpValidityDurationInMins": 10,
"emailPasscodeLength": 6
},
"meta": {
"lastModified": "2019-10-15T07:44:53.601Z",
"resourceType": "AuthenticationFactorSettings",
"created": "2019-10-04T06:56:10.285Z",
"location": "https://tenant-base-url/admin/v1/AuthenticationFactorSettings/AuthenticationFactorSettings"
},
"idcsLastModifiedBy": {
"value": "5753639d3ca046f094a8f4aeaf9ea5e5",
"type": "App",
"display": "testPostman",
"$ref": "https://tenant-base-url/admin/v1/Apps/5753639d3ca046f094a8f4aeaf9ea5e5"
},
"idcsCreatedBy": {
"value": "c480fd39014e40f3bf4f963b3b6a423b",
"type": "App",
"display": "idcssm",
"$ref": "https://tenant-base-url/admin/v1/Apps/c480fd39014e40f3bf4f963b3b6a423b"
},
"mfaEnabledCategory": "NONE"
}