Jump to a Section

Actions

  • Add User to Group

    Add a user to a group in Duo Security Admin.

    Required fields are indicated by a red asterisk.

    Input Fields

    Info

    • User ID (text): unique identifier of the user
    • Group ID (text): unique identifier of the group

    Output Fields

    • Status Code: success or failure of your HTTP request; here is a list of all status codes
    • Body: body of the success or failure message
  • Create User

    Create a new user in Duo Security Admin.

    Unless otherwise indicated, field types are text.

    Required fields are indicated by a red asterisk.

    Input

    • User
      • Username: user’s primary Duo username
      • First Name: user’s first name
      • Last Name: user’s last name
      • Full Name: user’s full name
      • Email: user’s email address
      • Status (dropdown): user’s Duo status;
        • active: user must complete secondary authentication
        • bypass: user will bypass secondary authentication after completing primary authentication
        • disabled: user will not be able to log in
      • Alias 1, Alias 2, Alias 3, Alias 4: additional username aliases
      • Notes: Free text field for additional user information

    Output

    • User
      • User ID: unique identifier of the newly created user
      • Username: user’s primary Duo username
      • First Name: user’s first name
      • Last Name: user’s last name
      • Full Name: user’s full name
      • Email: user’s email address
      • Alias 1, Alias 2, Alias 3, Alias 4: additional username aliases
      • Created: date timestamp when user account was created
      • Groups:
        • Name: group’s name
        • ID: group’s ID
        • Description: group’s description
        • Status: group’s authentication status; one of active, bypass, or disabled.
        • Mobile OTP Enabled?: if true, users in the group will be able to authenticate with a passcode generated by Duo Mobile; if false, users in the group will not be able to authenticate with a passcode generated by Duo Mobile. Note: This setting has no effect if Duo Mobile passcodes are disabled globally.
        • Push Enabled?: if true, users in the group will be able to use Duo Push to authenticate; if false, users in the group will not be able to use Duo Push to authenticate. Note: This setting has no effect if Duo Push is disabled globally.
        • SMS Enabled?: if true, users in the group will be able to use SMS passcodes to authenticate; if false, users in the group will not be able to use SMS passcodes to authenticate. Note: This setting has no effect if SMS passcodes are disabled globally.
        • Voice Enabled?: if true, users in the group will be able to authenticate with a voice callback; if false, users in the group will not be able to authenticate with a voice callback. Note: This setting has no effect if voice callback is disabled globally.
      • Is Enrolled?: true if the user has a phone, hardware token, U2F token, or security key available for authentication; otherwise, false.
      • Last Directory Sync: timestamp of the last update to the user via directory sync, or null if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo.
      • Last Login: last time this user logged in, as a UNIX timestamp, or null if the user has not logged in
      • Status: user’s status:
        • active: user must complete secondary authentication
        • bypass: user will bypass secondary authentication after completing primary authentication
        • disabled: user will not be able to log in
        • locked out: user has been automatically locked out due to excessive authentication attempts
        • pending deletion: user was marked for deletion by a Duo admin from the Admin Panel, by the system for inactivity, or by directory sync; if not restored within seven days, the user is permanently deleted.
      • Phones:
        • Activated?: indicates whether a phone has been activated for Duo Mobile; either true or false.
        • Capabilities: list of factors that can be used with the device:
          • push: device is activated for Duo Push
          • phone: device can receive phone calls
          • sms: device can receive batches of SMS passcodes
          • mobile_otp: device can generate passcodes with Duo Mobile
        • Encrypted: encryption status of an Android or iOS device file system; one of Encrypted, Unencrypted, or Unknown; blank for other platforms.
        • Extension: phone extension
        • Fingerprint: indicates whether an Android or iOS phone is configured for biometric verification; one of Configured, Disabled, or Unknown; blank for other platforms.
        • Last Seen: timestamp of the last contact between Duo’s service and the activated Duo Mobile app installed on the phone; blank if the device has never activated Duo Mobile or if the platform does not support it.
        • Model: phone’s model
        • Name: phone’s label
        • Number: phone number
        • Phone ID: phone’s ID
        • Platform: phone platform; one of unknown, google android, apple ios, windows phone 7, rim blackberry, java j2me, palm webos, symbian os, windows mobile, or generic smartphone.
        • Postdelay: time (in seconds) to wait after the extension is dialed and before the speaking the prompt
        • Predelay: time (in seconds) to wait after the number picks up and before dialing the extension
        • Screenlock: indicates whether screen lock is enabled on an Android or iOS phone; one of Locked, Unlocked, or Unknown; blank for other platforms.
        • SMS Passcode Sent?: indicates whether SMS passcodes have been sent to the phone; either true or false.
        • Tampered: indicates whether an iOS or Android device is jailbroken or rooted; one of Not Tampered, Tampered, or Unknown; blank for other platforms.
        • Type: type of phone; one of unknown, mobile, or landline.
      • Tokens:
        • Token ID: hardware token’s unique identifier
        • Type: type of hardware token
        • Serial: serial number of the hardware token, used to uniquely identify the hardware token when paired with type
        • TOTP Step: null for all supported token types
      • U2F Tokens:
        • Date Added: date the U2F token was registered in Duo
        • Registration ID: U2F token’s registration identifier
      • WebAuthn Credentials:
        • Credential Name: label for the WebAuthn credential
        • Date Added: date the WebAuthn credential was registered in Duo
        • Label: indicates the type of WebAuthn credential; either Security Key or Touch ID.
        • WebAuthn Key: WebAuthn credential’s registration identifier
  • Custom API Action

    Make a custom, authenticated HTTP call to the Duo Security Admin API.

    Options

    • Request Type (dropdown): use the appropriate request type depending on the endpoint/method
      • GET
      • POST
      • PUT
      • PATCH
      • DELETE

    Input

    • Relative URL (text): Specify the relative URL as /{{api}}/{{api.version}}/{insert_remaining_URL}. You can specify query parameters in the relative URL using “?”, or specify the query parameters as an object key pair in the Query input.

      Example: https://{API Host Name}/admin/v1{Relative URL}

    • Query (object): Specify any additional query parameters that should be included in object format (key value pairs).

    • Headers (object): Specify any headers required in addition to authorization or content-type (these are already handled by this connector).

    • Body (object): Specify a request body in JSON format. Only available for POST, PUT, and PATCH requests.

    Output

    Response

    • Status Code (number): success or failure of your HTTP request. Here is a list of all status codes.
    • Headers (object): a detailed context for the status code, unrelated to the output body. Response headers are dependent on your selected HTTP request option. Note that not all headers are response headers. This will usually be a replica of the example below.

      Example: {"Content-type":"application/json"}
    • Body (object): data returned from your selected HTTP request (for example, the data from a GET request).

  • Delete User

    Delete a user profile from Duo Security Admin.

    Required fields are indicated by a red asterisk.

    Input Fields

    User

    • User ID (text): unique identifier of the user

    Output Fields

    • Status Code: success or failure of your HTTP request; here is a list of all status codes
    • Body: body of the success or failure message
  • Enroll User

    Enroll a user in Duo Security Admin.

    Unless otherwise indicated, field types are text.

    Required fields are indicated by a red asterisk.

    Input Fields

    User

    • Username: user’s primary Duo username
    • Email: email address to which the enrollment email is sent. Note: This doesn’t have to match the user’s email.
    • Valid For: number of seconds for which the enrollment code is valid. Default is 2592000 (30 days).

    Output Fields

    User

    • Enrollment Code: enrollment code that is generated and sent in the enrollment email notification.
  • Get Groups

    Get information on all groups in Duo Security Admin.

    Unless otherwise indicated, field types are text.

    Required fields are indicated by a red asterisk.

    Output

    • Groups:
      • Name: group’s name
      • ID: group’s ID
      • Description: group’s description
      • Status: group’s authentication status; one of active, bypass, or disabled.
      • Mobile OTP Enabled?: if true, users in the group will be able to authenticate with a passcode generated by Duo Mobile; if false, users in the group will not be able to authenticate with a passcode generated by Duo Mobile. Note: This setting has no effect if Duo Mobile passcodes are disabled globally.
      • Push Enabled?: if true, users in the group will be able to use Duo Push to authenticate; if false, users in the group will not be able to use Duo Push to authenticate. Note: This setting has no effect if Duo Push is disabled globally.
      • SMS Enabled?: if true, users in the group will be able to use SMS passcodes to authenticate; if false, users in the group will not be able to use SMS passcodes to authenticate. Note: This setting has no effect if SMS passcodes are disabled globally.
      • Voice Enabled?: if true, users in the group will be able to authenticate with a voice callback; if false, users in the group will not be able to authenticate with a voice callback. Note: This setting has no effect if voice callback is disabled globally.
  • Read User

    Get user information in Duo Security Admin.

    Unless otherwise indicated, field types are text.

    Required fields are indicated by a red asterisk.

    Input

    • User
      • User ID: unique identifier of the user

    Output

    • User
      • User ID: unique identifier of the newly created user
      • Username: user’s primary Duo username
      • First Name: user’s first name
      • Last Name: user’s last name
      • Full Name: user’s full name
      • Email: user’s email address
      • Alias 1, Alias 2, Alias 3, Alias 4: additional username aliases
      • Created: date timestamp when user account was created
      • Groups:
        • Name: group’s name
        • ID: group’s ID
        • Description: group’s description
        • Status: group’s authentication status; one of active, bypass, or disabled.
        • Mobile OTP Enabled?: if true, users in the group will be able to authenticate with a passcode generated by Duo Mobile; if false, users in the group will not be able to authenticate with a passcode generated by Duo Mobile. Note: This setting has no effect if Duo Mobile passcodes are disabled globally.
        • Push Enabled?: if true, users in the group will be able to use Duo Push to authenticate; if false, users in the group will not be able to use Duo Push to authenticate. Note: This setting has no effect if Duo Push is disabled globally.
        • SMS Enabled?: if true, users in the group will be able to use SMS passcodes to authenticate; if false, users in the group will not be able to use SMS passcodes to authenticate. Note: This setting has no effect if SMS passcodes are disabled globally.
        • Voice Enabled?: if true, users in the group will be able to authenticate with a voice callback; if false, users in the group will not be able to authenticate with a voice callback. Note: This setting has no effect if voice callback is disabled globally.
      • Is Enrolled?: true if the user has a phone, hardware token, U2F token, or security key available for authentication; otherwise, false.
      • Last Directory Sync: timestamp of the last update to the user via directory sync, or null if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo.
      • Last Login: last time this user logged in, as a UNIX timestamp, or null if the user has not logged in
      • Status: user’s status:
        • active: user must complete secondary authentication
        • bypass: user will bypass secondary authentication after completing primary authentication
        • disabled: user will not be able to log in
        • locked out: user has been automatically locked out due to excessive authentication attempts
        • pending deletion: user was marked for deletion by a Duo admin from the Admin Panel, by the system for inactivity, or by directory sync; if not restored within seven days, the user is permanently deleted.
      • Phones:
        • Activated?: indicates whether a phone has been activated for Duo Mobile; either true or false.
        • Capabilities: list of factors that can be used with the device:
          • push: device is activated for Duo Push
          • phone: device can receive phone calls
          • sms: device can receive batches of SMS passcodes
          • mobile_otp: device can generate passcodes with Duo Mobile
        • Encrypted: encryption status of an Android or iOS device file system; one of Encrypted, Unencrypted, or Unknown; blank for other platforms.
        • Extension: phone extension
        • Fingerprint: indicates whether an Android or iOS phone is configured for biometric verification; one of Configured, Disabled, or Unknown; blank for other platforms.
        • Last Seen: timestamp of the last contact between Duo’s service and the activated Duo Mobile app installed on the phone; blank if the device has never activated Duo Mobile or if the platform does not support it.
        • Model: phone’s model
        • Name: phone’s label
        • Number: phone number
        • Phone ID: phone’s ID
        • Platform: phone platform; one of unknown, google android, apple ios, windows phone 7, rim blackberry, java j2me, palm webos, symbian os, windows mobile, or generic smartphone.
        • Postdelay: time (in seconds) to wait after the extension is dialed and before the speaking the prompt
        • Predelay: time (in seconds) to wait after the number picks up and before dialing the extension
        • Screenlock: indicates whether screen lock is enabled on an Android or iOS phone; one of Locked, Unlocked, or Unknown; blank for other platforms.
        • SMS Passcode Sent?: indicates whether SMS passcodes have been sent to the phone; either true or false.
        • Tampered: indicates whether an iOS or Android device is jailbroken or rooted; one of Not Tampered, Tampered, or Unknown; blank for other platforms.
        • Type: type of phone; one of unknown, mobile, or landline.
      • Tokens:
        • Token ID: hardware token’s unique identifier
        • Type: type of hardware token
        • Serial: serial number of the hardware token, used to uniquely identify the hardware token when paired with type
        • TOTP Step: null for all supported token types
      • U2F Tokens:
        • Date Added: date the U2F token was registered in Duo
        • Registration ID: U2F token’s registration identifier
      • WebAuthn Credentials:
        • Credential Name: label for the WebAuthn credential
        • Date Added: date the WebAuthn credential was registered in Duo
        • Label: indicates the type of WebAuthn credential; either Security Key or Touch ID.
        • WebAuthn Key: WebAuthn credential’s registration identifier
  • Remove User from Group

    Remove a user from a group in Duo Security Admin.

    Required fields are indicated by a red asterisk.

    Input Fields

    Info

    • User ID (text): unique identifier of the user
    • Group ID (text): unique identifier of the group

    Output Fields

    • Status Code: success or failure of your HTTP request; here is a list of all status codes
    • Body: body of the success or failure message
  • Search User

    Search for a user in Duo Security Admin.

    Unless otherwise indicated, field types are text.

    Required fields are indicated by a red asterisk.

    Input

    • User
      • Username: user’s primary Duo username

    Output

    • User
      • User ID: unique identifier of the newly created user
      • Username: user’s primary Duo username
      • First Name: user’s first name
      • Last Name: user’s last name
      • Full Name: user’s full name
      • Email: user’s email address
      • Alias 1, Alias 2, Alias 3, Alias 4: additional username aliases
      • Created: date timestamp when user account was created
      • Groups:
        • Name: group’s name
        • ID: group’s ID
        • Description: group’s description
        • Status: group’s authentication status; one of active, bypass, or disabled.
        • Mobile OTP Enabled?: if true, users in the group will be able to authenticate with a passcode generated by Duo Mobile; if false, users in the group will not be able to authenticate with a passcode generated by Duo Mobile. Note: This setting has no effect if Duo Mobile passcodes are disabled globally.
        • Push Enabled?: if true, users in the group will be able to use Duo Push to authenticate; if false, users in the group will not be able to use Duo Push to authenticate. Note: This setting has no effect if Duo Push is disabled globally.
        • SMS Enabled?: if true, users in the group will be able to use SMS passcodes to authenticate; if false, users in the group will not be able to use SMS passcodes to authenticate. Note: This setting has no effect if SMS passcodes are disabled globally.
        • Voice Enabled?: if true, users in the group will be able to authenticate with a voice callback; if false, users in the group will not be able to authenticate with a voice callback. Note: This setting has no effect if voice callback is disabled globally.
      • Is Enrolled?: true if the user has a phone, hardware token, U2F token, or security key available for authentication; otherwise, false.
      • Last Directory Sync: timestamp of the last update to the user via directory sync, or null if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo.
      • Last Login: last time this user logged in, as a UNIX timestamp, or null if the user has not logged in
      • Status: user’s status:
        • active: user must complete secondary authentication
        • bypass: user will bypass secondary authentication after completing primary authentication
        • disabled: user will not be able to log in
        • locked out: user has been automatically locked out due to excessive authentication attempts
        • pending deletion: user was marked for deletion by a Duo admin from the Admin Panel, by the system for inactivity, or by directory sync; if not restored within seven days, the user is permanently deleted.
      • Phones:
        • Activated?: indicates whether a phone has been activated for Duo Mobile; either true or false.
        • Capabilities: list of factors that can be used with the device:
          • push: device is activated for Duo Push
          • phone: device can receive phone calls
          • sms: device can receive batches of SMS passcodes
          • mobile_otp: device can generate passcodes with Duo Mobile
        • Encrypted: encryption status of an Android or iOS device file system; one of Encrypted, Unencrypted, or Unknown; blank for other platforms.
        • Extension: phone extension
        • Fingerprint: indicates whether an Android or iOS phone is configured for biometric verification; one of Configured, Disabled, or Unknown; blank for other platforms.
        • Last Seen: timestamp of the last contact between Duo’s service and the activated Duo Mobile app installed on the phone; blank if the device has never activated Duo Mobile or if the platform does not support it.
        • Model: phone’s model
        • Name: phone’s label
        • Number: phone number
        • Phone ID: phone’s ID
        • Platform: phone platform; one of unknown, google android, apple ios, windows phone 7, rim blackberry, java j2me, palm webos, symbian os, windows mobile, or generic smartphone.
        • Postdelay: time (in seconds) to wait after the extension is dialed and before the speaking the prompt
        • Predelay: time (in seconds) to wait after the number picks up and before dialing the extension
        • Screenlock: indicates whether screen lock is enabled on an Android or iOS phone; one of Locked, Unlocked, or Unknown; blank for other platforms.
        • SMS Passcode Sent?: indicates whether SMS passcodes have been sent to the phone; either true or false.
        • Tampered: indicates whether an iOS or Android device is jailbroken or rooted; one of Not Tampered, Tampered, or Unknown; blank for other platforms.
        • Type: type of phone; one of unknown, mobile, or landline.
      • Tokens:
        • Token ID: hardware token’s unique identifier
        • Type: type of hardware token
        • Serial: serial number of the hardware token, used to uniquely identify the hardware token when paired with type
        • TOTP Step: null for all supported token types
      • U2F Tokens:
        • Date Added: date the U2F token was registered in Duo
        • Registration ID: U2F token’s registration identifier
      • WebAuthn Credentials:
        • Credential Name: label for the WebAuthn credential
        • Date Added: date the WebAuthn credential was registered in Duo
        • Label: indicates the type of WebAuthn credential; either Security Key or Touch ID.
        • WebAuthn Key: WebAuthn credential’s registration identifier
  • Update User

    Update a user in Duo Security Admin.

    Unless otherwise indicated, field types are text.

    Required fields are indicated by a red asterisk.

    Input

    • User
      • User ID: unique identifier of the user
      • Username: user’s primary Duo username
      • First Name: user’s first name
      • Last Name: user’s last name
      • Full Name: user’s full name
      • Email: user’s email address
      • Status (dropdown): user’s Duo status;
        • active: user must complete secondary authentication
        • bypass: user will bypass secondary authentication after completing primary authentication
        • disabled: user will not be able to log in
      • Alias 1, Alias 2, Alias 3, Alias 4: additional username aliases
      • Notes: Free text field for additional user information

    Output

    • User
      • User ID: unique identifier of the newly created user
      • Username: user’s primary Duo username
      • First Name: user’s first name
      • Last Name: user’s last name
      • Full Name: user’s full name
      • Email: user’s email address
      • Alias 1, Alias 2, Alias 3, Alias 4: additional username aliases
      • Created: date timestamp when user account was created
      • Groups:
        • Name: group’s name
        • ID: group’s ID
        • Description: group’s description
        • Status: group’s authentication status; one of active, bypass, or disabled.
        • Mobile OTP Enabled?: if true, users in the group will be able to authenticate with a passcode generated by Duo Mobile; if false, users in the group will not be able to authenticate with a passcode generated by Duo Mobile. Note: This setting has no effect if Duo Mobile passcodes are disabled globally.
        • Push Enabled?: if true, users in the group will be able to use Duo Push to authenticate; if false, users in the group will not be able to use Duo Push to authenticate. Note: This setting has no effect if Duo Push is disabled globally.
        • SMS Enabled?: if true, users in the group will be able to use SMS passcodes to authenticate; if false, users in the group will not be able to use SMS passcodes to authenticate. Note: This setting has no effect if SMS passcodes are disabled globally.
        • Voice Enabled?: if true, users in the group will be able to authenticate with a voice callback; if false, users in the group will not be able to authenticate with a voice callback. Note: This setting has no effect if voice callback is disabled globally.
      • Is Enrolled?: true if the user has a phone, hardware token, U2F token, or security key available for authentication; otherwise, false.
      • Last Directory Sync: timestamp of the last update to the user via directory sync, or null if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo.
      • Last Login: last time this user logged in, as a UNIX timestamp, or null if the user has not logged in
      • Status: user’s status:
        • active: user must complete secondary authentication
        • bypass: user will bypass secondary authentication after completing primary authentication
        • disabled: user will not be able to log in
        • locked out: user has been automatically locked out due to excessive authentication attempts
        • pending deletion: user was marked for deletion by a Duo admin from the Admin Panel, by the system for inactivity, or by directory sync; if not restored within seven days, the user is permanently deleted.
      • Phones:
        • Activated?: indicates whether a phone has been activated for Duo Mobile; either true or false.
        • Capabilities: list of factors that can be used with the device:
          • push: device is activated for Duo Push
          • phone: device can receive phone calls
          • sms: device can receive batches of SMS passcodes
          • mobile_otp: device can generate passcodes with Duo Mobile
        • Encrypted: encryption status of an Android or iOS device file system; one of Encrypted, Unencrypted, or Unknown; blank for other platforms.
        • Extension: phone extension
        • Fingerprint: indicates whether an Android or iOS phone is configured for biometric verification; one of Configured, Disabled, or Unknown; blank for other platforms.
        • Last Seen: timestamp of the last contact between Duo’s service and the activated Duo Mobile app installed on the phone; blank if the device has never activated Duo Mobile or if the platform does not support it.
        • Model: phone’s model
        • Name: phone’s label
        • Number: phone number
        • Phone ID: phone’s ID
        • Platform: phone platform; one of unknown, google android, apple ios, windows phone 7, rim blackberry, java j2me, palm webos, symbian os, windows mobile, or generic smartphone.
        • Postdelay: time (in seconds) to wait after the extension is dialed and before the speaking the prompt
        • Predelay: time (in seconds) to wait after the number picks up and before dialing the extension
        • Screenlock: indicates whether screen lock is enabled on an Android or iOS phone; one of Locked, Unlocked, or Unknown; blank for other platforms.
        • SMS Passcode Sent?: indicates whether SMS passcodes have been sent to the phone; either true or false.
        • Tampered: indicates whether an iOS or Android device is jailbroken or rooted; one of Not Tampered, Tampered, or Unknown; blank for other platforms.
        • Type: type of phone; one of unknown, mobile, or landline.
      • Tokens:
        • Token ID: hardware token’s unique identifier
        • Type: type of hardware token
        • Serial: serial number of the hardware token, used to uniquely identify the hardware token when paired with type
        • TOTP Step: null for all supported token types
      • U2F Tokens:
        • Date Added: date the U2F token was registered in Duo
        • Registration ID: U2F token’s registration identifier
      • WebAuthn Credentials:
        • Credential Name: label for the WebAuthn credential
        • Date Added: date the WebAuthn credential was registered in Duo
        • Label: indicates the type of WebAuthn credential; either Security Key or Touch ID.
        • WebAuthn Key: WebAuthn credential’s registration identifier