Skip to content

Activity Insights - Duo

To display activity data from Duo, you can set up a single SaaS connector or configure both a virtual appliance (VA) and Activity Insights - Duo connector.

Configuring Activity Insights Using the Duo SaaS Connector

If you are using the Duo SaaS connector, follow the connector guide to enable Activity Insights.

After a successful test connection, you must correlate accounts and run an aggregation for the Duo source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Note

If you previously configured both the Duo identity governance and Activity Insights - Duo connectors, you do not have to take additional action to continue receiving your data.

Configuring Activity Insights Using a VA-Based Source

If you are setting up Activity Insights using a VA-based connector, you must first register an API client in Duo. You'll then configure both the Duo identity governance and Activity Insights - Duo connectors so that Identity Security Cloud can gather your account information and display activity data.

Registering an API Client

You must have the Owner role to create or modify an API application within the Duo Admin panel.

  1. Go to the Duo Admin panel.

  2. Select Applications > Protect Applications from the navigation menu.

  3. Enter admin_api in the search bar and select Protect beside the Admin API option.

  4. In the Details section, copy the information from the Integration key, Secret key, and API hostname fields. You’ll need this information when you connect Duo to Identity Security Cloud.

  5. In the Settings section, enter a name for the Admin API application.

  6. Grant the Admin API application the following permission:

    Permissions Description
    Grant read log The Admin API application can read authentication, offline access, telephony, and administrator action log information.

  7. Select Save Changes to create the application.

You can now enter the credentials from the Admin API application into Identity Security Cloud.

Configuring the Duo Identity Governance Source

Follow the directions to configure your Duo source in Identity Security Cloud. You can also edit an existing source.

Configuring the Activity Insights - Duo Source

To display activity data from Activity Insights, you must configure the Activity Insights - Duo source in Identity Security Cloud.

  1. Go to Admin > Connections > Sources.
  2. Select Create New to create a new source.
  3. Search for and select the Activity Insights - Duo connector.
  4. Enter a name and description for the source.
  5. In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
  6. (Optional) Select a governance group for source management.
  7. Select the checkbox if the source is an authoritative source. 
  8. Select Continue to create the source.
  9. From the left panel, select Configuration in the Source Setup section.

  10. On the Authentication page, enter the following information:

    • Integration Key - The Integration key from Duo.
    • Secret Key - The Secret key from Duo.
    • API Host - The API hostname from Duo.
    • Identity Governance Source Name - The name of the source you created for the identity governance connector. If no matching source is found, the test connection will fail.

  11. Select Save to save these settings.

  12. From the left panel, select Review and Test in the Source Setup section.
  13. On the Configuration Summary page, select Test Connection to test the connection between the applications. You must have a successful connection for Identity Security Cloud to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support.

To gather account data, you must correlate accounts and run an aggregation for the Duo identity governance source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Required Permissions

Your account must have the Owner role to create or modify an API application within the Duo Admin panel.

Requested Scopes

Identity Security Cloud requests the following scopes:

Scope Description
Grant read log The Admin API application can read authentication, offline access, telephony, and administrator action log information.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.