Integrating DUO with Workspace ONE Access

Workspace ONE Access now offers a native integration with DUO. This integration will not require the use of radius and/or the Workspace ONE Access connector.

This blog will outline the steps to setup and configure DUO and Workspace ONE Access.

*Now Available on All Platforms*

1. Create a Web SDK Application in DUO

  1. In your DUO admin console, go to Dashboard -> Applications -> Protect an Application
  1. In the search box, enter “Web SDK” and Click Protect
  1. Make note of your Integration Key, Secret Key and API Hostname

Note: In the latest version of the DUO Admin Console, the Integration Key is now called a Client ID and the Secret Key is now called a Client Secret.

  1. Scroll down to settings and update the name of this application.
  1. Click Save

2. Enable the Workspace ONE Authentication Method

  1. Log into the Workspace ONE Administration Console
  2. Go to Identity & Access Management -> Authentication Methods
  1. Click Edit for “DUO Security”
  1. Enable the Adapter
  2. Paste your Integration Key.
  3. Paste your Secret Key
  4. Paste your API Host Name
  5. Select the correct username format. The only options currently available are username and email address.
  6. Select Save
  7. Your DUO Adapter should be enabled and ready to use.

3. Update your “Built-In” IDP in Workspace ONE Access

  1. In the Workspace ONE Administration Console
  2. Go to Identity & Access Management -> Identity Providers
  3. Click on your “Built-In” Identity Provider that is already associated with your user directory.
  4. Scroll down to Authentication Methods and enable DUO Security
  1. Click Save

4. Update your Policies

  1. In the Workspace ONE Administration Console
  2. Go to Identity & Access Management -> Policies
  3. Edit your Default or Application Policy (depending on your requirements)
  4. Add DUO Security as a second factor of authentication.
  1. Click Save
  2. Click Next and Save

Testing the DUO Flow:

  1. Log into your Workspace ONE Access Console (via incognito)
  2. Enter your Username/Password (as an End User)
  1. Click on Start Setup
  1. Select your device type and click Continue
  1. Select the correct platform for your device and click Continue
  1. Workspace ONE Access will Prompt you to install Duo Mobile. Once you have DUO Mobile Installed, Click “I have DUO Mobile”
  1. In DUO Mobile, click the + sign and scan the barcode
  1. Once activated, you will see a green check mark.
  1. Click Continue
  1. When prompted, select “Send Me a Push”
  1. On your device, click Approve.

9 thoughts on “Integrating DUO with Workspace ONE Access

  1. Maybe I’m missing something but my Workspace ONE Access doesn’t have an Authentication Method for Duo Security, is this something VMware need to enable on my cloud tenant?

    Like

    1. Hi Wannes – This is something that is on the roadmap however there are some big dependencies that are required before this feature can be made available to on-premises. In my opinion, I don’t anticipate it will be something in the near term.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s