Updating the Authentication Factor Settings with Duo Security Settings

The following example shows how to update Multi-Factor Authentication settings for a tenant by submitting a PUT request on the REST resource using cURL. For more information about cURL, see Use cURL.

cURL Command

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
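# Update the tenant's AuthenticationFactorSettings resource with a PUT request.
# Replace <Access Token Value> with a valid access token, <ID> with the
# resource ID, and tenant-base-url with the Identity Service URL.
# Send the JSON request body shown below with curl's -d/--data option,
# for example -d @request.json (file name constructed for illustration).
# The bearer token is a credential: a token typed on the command line can end
# up in shell history and process listings, so keep it out of shared scripts
# and logs.
# The URL is quoted so the shell does not treat the < and > around ID as
# redirections.
curl \
  -X PUT \
  -H "Content-Type:application/scim+json" \
  -H "Authorization: Bearer <Access Token Value>" \
  "https://tenant-base-url/admin/v1/AuthenticationFactorSettings/<ID>"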

Example of Request Body

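The following shows an example of the request body in JSON format. The integrationKey and secretKey values are masked with X characters; replace them with the values from your Duo Security integration, and treat secretKey as a credential (keep it out of version control, shell history, and logs). The other values are illustrative rather than recommended settings: for example, deviceProtectionPolicy is NONE and every compliancePolicy entry uses the Allow action, so review each value against your own security policy before submitting the request: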

{
  "bypassCodeSettings": {
    "helpDeskCodeExpiryInMins": 60,
    "helpDeskGenerationEnabled": true,
    "helpDeskMaxUsage": 5,
    "length": 12,
    "maxActive": 5,
    "selfServiceGenerationEnabled": true
  },
  "clientAppSettings": {
    "deviceProtectionPolicy": "NONE",
    "initialLockoutPeriodInSecs": 30,
    "keyPairLength": 2048,
    "lockoutEscalationPattern": "Constant",
    "maxFailuresBeforeLockout": 10,
    "maxFailuresBeforeWarning": 5,
    "maxLockoutIntervalInSecs": 86400,
    "minPinLength": 6,
    "policyUpdateFreqInDays": 7,
    "requestSigningAlgo": "SHA256withRSA",
    "sharedSecretEncoding": "Base32",
    "unlockAppForEachRequestEnabled": false,
    "unlockAppIntervalInSecs": 300,
    "unlockOnAppForegroundEnabled": false,
    "unlockOnAppStartEnabled": false
  },
  "compliancePolicy": [
    {
      "action": "Allow",
      "name": "lockScreenRequired",
      "value": "false"
    },
    {
      "action": "Allow",
      "name": "lockScreenRequiredUnknown",
      "value": "false"
    },
    {
      "action": "Allow",
      "name": "jailBrokenDevice",
      "value": "false"
    },
    {
      "action": "Allow",
      "name": "jailBrokenDeviceUnknown",
      "value": "false"
    },
    {
      "action": "Allow",
      "name": "minWindowsVersion",
      "value": "8.1"
    },
    {
      "action": "Allow",
      "name": "minIosVersion",
      "value": "7.1"
    },
    {
      "action": "Allow",
      "name": "minAndroidVersion",
      "value": "4.1"
    },
    {
      "action": "Allow",
      "name": "minIosAppVersion",
      "value": "4.0"
    },
    {
      "action": "Allow",
      "name": "minAndroidAppVersion",
      "value": "8.0"
    },
    {
      "action": "Allow",
      "name": "minWindowsAppVersion",
      "value": "1.0"
    }
  ],
  "endpointRestrictions": {
    "maxEndpointTrustDurationInDays": 15,
    "maxEnrolledDevices": 5,
    "maxTrustedEndpoints": 5,
    "trustedEndpointsEnabled": true,
    "maxIncorrectAttempts": 10
  },
  "id": "AuthenticationFactorSettings",
  "mfaEnrollmentType": "Required",
  "pushEnabled": false,
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorSettings"
  ],
  "thirdPartyFactor": {
        "duoSecurity": true
    },
  "notificationSettings": {
        "pullEnabled": true
    },
     "urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings": {
        "duoSecuritySettings": {
            "integrationKey": "XXXXXXXXXXXXXXXXXXXX",
            "secretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
            "apiHostname": "api-example.duosecurity.com",
            "userMappingAttribute": "userName"
    }
    },
  "securityQuestionsEnabled": false,
  "smsEnabled": false,
  "emailEnabled": false,
  "bypassCodeEnabled": false,
  "totpEnabled": false,
  "totpSettings": {
    "hashingAlgorithm": "SHA1",
    "jwtValidityDurationInSecs": 300,
    "keyRefreshIntervalInDays": 60,
    "passcodeLength": 6,
    "smsOtpValidityDurationInMins": 10,
    "smsPasscodeLength": 6,
    "timeStepInSecs": 30,
    "timeStepTolerance": 3,
	"emailOtpValidityDurationInMins": 10,
	"emailPasscodeLength": 6
  },
  "mfaEnabledCategory": "NONE"
}

Example of Response Body

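The following example shows the contents of the response body in JSON format. The example response includes the duoSecuritySettings block, including the secretKey attribute (masked here), so handle captured responses and any logs that record them as sensitive: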

{
    "bypassCodeSettings": {
        "helpDeskCodeExpiryInMins": 60,
        "helpDeskGenerationEnabled": true,
        "helpDeskMaxUsage": 5,
        "length": 12,
        "maxActive": 5,
        "selfServiceGenerationEnabled": true
    },
    "clientAppSettings": {
        "deviceProtectionPolicy": "NONE",
        "initialLockoutPeriodInSecs": 30,
        "keyPairLength": 2048,
        "lockoutEscalationPattern": "Constant",
        "maxFailuresBeforeLockout": 10,
        "maxFailuresBeforeWarning": 5,
        "maxLockoutIntervalInSecs": 86400,
        "minPinLength": 6,
        "policyUpdateFreqInDays": 7,
        "requestSigningAlgo": "SHA256withRSA",
        "sharedSecretEncoding": "Base32",
        "unlockAppForEachRequestEnabled": false,
        "unlockAppIntervalInSecs": 300,
        "unlockOnAppForegroundEnabled": false,
        "unlockOnAppStartEnabled": false
    },
    "compliancePolicy": [
        {
            "action": "Allow",
            "name": "lockScreenRequired",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "lockScreenRequiredUnknown",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "jailBrokenDevice",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "jailBrokenDeviceUnknown",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "minWindowsVersion",
            "value": "8.1"
        },
        {
            "action": "Allow",
            "name": "minIosVersion",
            "value": "7.1"
        },
        {
            "action": "Allow",
            "name": "minAndroidVersion",
            "value": "4.1"
        },
        {
            "action": "Allow",
            "name": "minIosAppVersion",
            "value": "4.0"
        },
        {
            "action": "Allow",
            "name": "minAndroidAppVersion",
            "value": "8.0"
        },
        {
            "action": "Allow",
            "name": "minWindowsAppVersion",
            "value": "1.0"
        }
    ],
    "endpointRestrictions": {
        "maxEndpointTrustDurationInDays": 15,
        "maxEnrolledDevices": 5,
        "maxTrustedEndpoints": 5,
        "trustedEndpointsEnabled": true,
        "maxIncorrectAttempts": 10
    },
    "id": "AuthenticationFactorSettings",
    "mfaEnrollmentType": "Required",
    "pushEnabled": false,
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorSettings"
    ],
    "thirdPartyFactor": {
        "duoSecurity": true
    },
    "notificationSettings": {
        "pullEnabled": true
    },
    "urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings": {
        "duoSecuritySettings": {
            "integrationKey": "XXXXXXXXXXXXXXXXXXXX",
            "secretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
            "apiHostname": "api-example.duosecurity.com",
            "userMappingAttribute": "userName"
        }
    },
    "securityQuestionsEnabled": false,
    "smsEnabled": false,
    "emailEnabled": false,
    "bypassCodeEnabled": false,
    "totpEnabled": false,
    "totpSettings": {
        "hashingAlgorithm": "SHA1",
        "jwtValidityDurationInSecs": 300,
        "keyRefreshIntervalInDays": 60,
        "passcodeLength": 6,
        "smsOtpValidityDurationInMins": 10,
        "smsPasscodeLength": 6,
        "timeStepInSecs": 30,
        "timeStepTolerance": 3,
        "emailOtpValidityDurationInMins": 10,
        "emailPasscodeLength": 6
    },
    "meta": {
        "lastModified": "2019-10-15T07:44:53.601Z",
        "resourceType": "AuthenticationFactorSettings",
        "created": "2019-10-04T06:56:10.285Z",
        "location": "https://tenant-base-url/admin/v1/AuthenticationFactorSettings/AuthenticationFactorSettings"
    },
    "idcsLastModifiedBy": {
        "value": "5753639d3ca046f094a8f4aeaf9ea5e5",
        "type": "App",
        "display": "testPostman",
        "$ref": "https://tenant-base-url/admin/v1/Apps/5753639d3ca046f094a8f4aeaf9ea5e5"
    },
    "idcsCreatedBy": {
        "value": "c480fd39014e40f3bf4f963b3b6a423b",
        "type": "App",
        "display": "idcssm",
        "$ref": "https://tenant-base-url/admin/v1/Apps/c480fd39014e40f3bf4f963b3b6a423b"
    },
    "mfaEnabledCategory": "NONE"
}