Provisioning Policy Attributes

The following generators create required information for a new Duo account when you set up the Duo source. You might need to edit the contents.

Generator is Static. The default value is 'User'. When you want to manage as administrator, this value need to be set as "Administrator" in the Static Value field.

This is an Identity Attribute. The Duo user name as taken from the SailPoint user name.

This is an Identity Attribute. The Duo administrator name as taken from the SailPoint user name.

This is an Identity Attribute. The email address of the user.

This is an Identity Attribute. The phone number of the user.

It is disabled by default. The real name of the user.

It is disabled by default. The password of the administrator user.

The Duo source supports password management of Duo administrators for external management of the password on the Duo native system. Refer to the following details:

  • has_external_password_mgmt: Set this to true in the Static Value field for the administrator's password along with the password attribute. Set it to false if passwords are self-managed. The default value is false.

  • password: Provide the password for the Duo administrator after setting the has_external_password_mgmt attribute to true.

It is disabled by default. This is the Duo administrator role.

The default role ‘Owner’ is assigned to the administrator if the role value is not provided as available in the Duo managed System. To set this to other role, this must be configured as 'Static' and the role name must be provided in the Static Value field.

Note
The phone_type and phone_platform attributes are supported as Create Profile attributes and while configuring, both these attributes must be set in combination. Without providing values for both the attributes, for single or multiple phone numbers assigned to an account, the default phone type is set as 'Mobile' and default phone platform is set as 'Generic Smartphone' in the Duo managed system.

User Attribute

The Duo connector creates a Duo user if the user_type = User attribute is present in the Create Profile section. If you have marked this attribute as Disabled, while creating a Duo user, you may change that and set this value as User as per your requirement.

You can also skip this usage and retain the Disabled as a value.

There is no impact and change in creation of a Duo administrator and user_type must be set to Administrator while creating the Duo administrator.