Activity Insights - Duo
Note
This page describes a Limited Availability feature. Contact your Customer Success team to opt in.
To display activity data from Activity Insights, you first must create an API client in Duo. You’ll then connect the following Duo sources, so IdentityNow can gather your Duo account information and activity data.
Duo | Allows you to manage your Duo accounts and groups in IdentityNow. |
Activity Insights - Duo | Works with your Duo identity governance connector to provide activity data for identities. |
Registering an API Client
You must have the Owner role to create or modify an API application within the Duo Admin panel.
-
Go to the Duo Admin panel.
-
Select Applications > Protect Applications from the navigation menu.
-
Enter
admin_api
in the search bar and select Protect beside the Admin API option. -
In the Details section, copy the information from the Integration key, Secret key, and API hostname fields. You’ll need this information when you connect Duo to IdentityNow.
-
In the Settings section, enter a name for the Admin API application.
-
Grant the Admin API application the following permission:
Permissions Description Grant read log The Admin API application can read authentication, offline access, telephony, and administrator action log information. -
Select Save Changes to create the application.
You can now enter the credentials from the Admin API application into IdentityNow.
Connecting Duo to IdentityNow
To connect Duo to IdentityNow, you’ll need to configure the following sources in IdentityNow. This will allow IdentityNow to gather account information and activity data from Duo.
You may connect your sources in any order.
Configuring the Duo Identity Governance Source
Follow the directions to configure your Duo source in IdentityNow. You can also edit an existing source.
Configuring the Activity Insights – Duo Source
To display activity data from Activity Insights, you must configure the Activity Insights – Duo source in IdentityNow.
- Go to Admin > Connections > Sources.
- Select Create New to create a new source.
- Search for and select the Activity Insights – Duo connector.
- Enter a source name.
- Enter a description for your source.
- In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
- (Optional) Select a governance group for source management.
- Select Continue to create the source.
- Select Configuration from the left panel.
-
Enter the following information:
- Integration Key - The Integration key from Duo.
- Secret Key - The Secret key from Duo.
- API Host – The API hostname from Duo.
-
Select Save to save these settings.
- Select Review and Test from the left panel.
- Select Test Connection to test the connection between the applications. You must have a successful connection for IdentityNow to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support.
Your activity data will begin syncing immediately and will update every 24 hours. You must run an aggregation for the Duo source to gather accounts.
Required Permissions
Your account must have the Owner role to create or modify an API application within the Duo Admin panel.
Requested Scopes
IdentityNow requests the following scopes:
Scope | Description |
---|---|
Grant read log | The Admin API application can read authentication, offline access, telephony, and administrator action log information. |
User Metadata
IdentityNow pulls the following user metadata from Duo.
Field | Description |
---|---|
Groups | The groups the user belongs to in Duo. |
Status | The user’s status in Duo. For example, a user’s status can be “Active”, “Disabled”, or “Locked out”. |