Workspace ONE Access now offers a native integration with DUO. This integration will not require the use of radius and/or the Workspace ONE Access connector.
This blog will outline the steps to setup and configure DUO and Workspace ONE Access.
*Now Available on All Platforms*
1. Create a Web SDK Application in DUO
- In your DUO admin console, go to Dashboard -> Applications -> Protect an Application
- In the search box, enter “Web SDK” and Click Protect
- Make note of your Integration Key, Secret Key and API Hostname
Note: In the latest version of the DUO Admin Console, the Integration Key is now called a Client ID and the Secret Key is now called a Client Secret.
- Scroll down to settings and update the name of this application.
- Click Save
2. Enable the Workspace ONE Authentication Method
- Log into the Workspace ONE Administration Console
- Go to Identity & Access Management -> Authentication Methods
- Click Edit for “DUO Security”
- Enable the Adapter
- Paste your Integration Key.
- Paste your Secret Key
- Paste your API Host Name
- Select the correct username format. The only options currently available are username and email address.
- Select Save
- Your DUO Adapter should be enabled and ready to use.
3. Update your “Built-In” IDP in Workspace ONE Access
- In the Workspace ONE Administration Console
- Go to Identity & Access Management -> Identity Providers
- Click on your “Built-In” Identity Provider that is already associated with your user directory.
- Scroll down to Authentication Methods and enable DUO Security
- Click Save
4. Update your Policies
- In the Workspace ONE Administration Console
- Go to Identity & Access Management -> Policies
- Edit your Default or Application Policy (depending on your requirements)
- Add DUO Security as a second factor of authentication.
- Click Save
- Click Next and Save
Testing the DUO Flow:
- Log into your Workspace ONE Access Console (via incognito)
- Enter your Username/Password (as an End User)
- Click on Start Setup
- Select your device type and click Continue
- Select the correct platform for your device and click Continue
- Workspace ONE Access will Prompt you to install Duo Mobile. Once you have DUO Mobile Installed, Click “I have DUO Mobile”
- In DUO Mobile, click the + sign and scan the barcode
- Once activated, you will see a green check mark.
- Click Continue
- When prompted, select “Send Me a Push”
- On your device, click Approve.
Steve The Identity Guy 
Maybe I’m missing something but my Workspace ONE Access doesn’t have an Authentication Method for Duo Security, is this something VMware need to enable on my cloud tenant?
LikeLike
Hi Andrew – My apologies for the confusion. This functionality was announced previously but will be GA next month.
LikeLike
Now that this feature is available (yippy!!) what else needs to be configured on the duo side?
LikeLike
Hi Michael, everything you need to get started is in the blog. Obviously DUO has a lot of capabilities but this will get you going.
LikeLike
Hi Steve,
Do you have info on whether this is planned for on-prem WS1 Access as well?
Best regards,
Wannes
LikeLike
Hi Wannes – This is something that is on the roadmap however there are some big dependencies that are required before this feature can be made available to on-premises. In my opinion, I don’t anticipate it will be something in the near term.
LikeLike