Configure Duo Security Settings

If you have implemented or want to implement Duo Security as a third-party multi-factor authentication (MFA) solution, and Oracle Identity Cloud Service manages your primary authentication and identity management, you can connect to and integrate with Duo to secure Oracle IaaS, PaaS, or SaaS applications or to secure applications already secured by Oracle Identity Cloud Service.

The Duo feature is in early access. To enable this feature, file a Service Request with My Oracle Support. If you don't file a Service Request, then you won't be able to use Duo to authenticate with Oracle Identity Cloud Service.

Prerequisites:
  • Custom Login user interface implemented.
  • Duo enabled in Oracle Identity Cloud Service by Oracle Support.
  • Duo Mobile app downloaded and installed from the Google Play Store or the Apple Store.

  1. Enable Duo in Oracle Identity Cloud Service.

    File a Service Request with My Oracle Support.

  2. Subscribe to Duo and create a Duo administrator account.

    Go to https://duo.com/ to set up your subscription and to set up your Duo administrative account. Refer to the Duo documentation for the latest instructions.

  3. Create and activate the Duo-protected Web SDK app.
    To create and activate the Duo-protected Web SDK app, refer to the Duo documentation for the latest instructions.
  4. Note the credentials and connecting host information.

    These values were generated when you created and activated the Duo-protected Web SDK app. You need the values for Integration key, Secret key, and API hostname. Refer to the Duo documentation for the latest instructions.

  5. In the Oracle Identity Cloud Service console, expand the Navigation Drawer, click Security, Factors, and then Duo Security.
  6. Enter the credentials and connecting host information (Integration key, Secret key, and API hostname) that were generated in your Duo administrative account, and then choose a User Identifier.
    The User Identifier that you choose must map to the user identifier set in the Duo user account. For example, User Name in the Oracle Identity Cloud Service user account must map to Username in the Duo security user account.
  7. In the Oracle Identity Cloud Service console, expand the Navigation Drawer, click Security, MFA, turn on Duo Security, and then click Save.
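
Step 6 requires the chosen User Identifier to map to the user identifier set in the Duo user account. The following Python check is an added example, not Oracle or Duo code; the field names user_name and primary_email and the sample accounts are constructed assumptions standing in for user lists exported from each side. It reports which accounts map exactly, which match only after trimming whitespace and ignoring case, and which have no Duo account yet.

```python
# Constructed sample data. The field names are assumptions for illustration,
# not an Oracle Identity Cloud Service or Duo export format.
IDCS_USERS = [
    {"user_name": "asmith", "primary_email": "asmith@example.com"},
    {"user_name": "BJones", "primary_email": "bjones@example.com"},
    {"user_name": "cwu@example.com", "primary_email": "cwu@example.com"},
    {"user_name": "dlee", "primary_email": "dlee@example.com"},
]
DUO_USERNAMES = ["asmith", "bjones", "cwu@example.com", "dlee "]


def normalize(value):
    """Fold case and trim whitespace so near-misses can be detected."""
    return value.strip().casefold()


def check_identifier_mapping(idcs_users, duo_usernames, identifier):
    """Classify each IDCS user by how its chosen identifier maps to Duo.

    exact   - identical string exists as a Duo username
    near    - matches only after normalize(); fix one side before enabling
    missing - no Duo account (the enrollment flow creates one)
    """
    exact_names = set(duo_usernames)
    by_normalized = {}
    for name in duo_usernames:
        by_normalized.setdefault(normalize(name), name)

    report = {"exact": [], "near": [], "missing": []}
    for user in idcs_users:
        value = user[identifier]
        if value in exact_names:
            report["exact"].append(value)
        elif normalize(value) in by_normalized:
            report["near"].append((value, by_normalized[normalize(value)]))
        else:
            report["missing"].append(value)
    return report


if __name__ == "__main__":
    for candidate in ("user_name", "primary_email"):
        result = check_identifier_mapping(IDCS_USERS, DUO_USERNAMES, candidate)
        print(candidate)
        for bucket, entries in result.items():
            print(f"  {bucket}: {entries}")
```

Entries under "near" are the ones to reconcile before turning on Duo Security in step 7.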

Post-requirement: Understand the Duo user enrollment workflow.

User Enrollment Flow

1. User accesses the Custom login user interface.

2. Duo Security prompts the user to enroll.

3. Duo sends the user a notification asking them to enroll in Duo. Options are PUSH, TOTP, SMS, or SECURITY_QUESTIONS.

4. User accepts the enrollment verification.

5. User is created in Duo.

6. Optional. User sets up an additional factor (options are PUSH, TOTP, SMS, or SECURITY_QUESTIONS) or clicks Done.

7. User is logged in to Oracle Identity Cloud Service.

8. User can now use Duo Security MFA factors to sign in to Oracle Identity Cloud Service.