Duo Security's two-factor authentication secures Central Authentication Server (CAS) identity provider logins, complete with self-service enrollment and Duo Prompt.
Apereo's CAS project version 5.0 and later include Duo as a multifactor provider, and has updated the Duo integration for the Duo Universal Prompt in version 6.3.0. See the CAS Documentation for configuration instructions.
This application communicates with Duo's service on TCP port 443. Firewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. If your organization requires IP-based rules, please review this Duo KB article.
Previously, the Client ID was called the "Integration key" and the Client secret was called the "Secret key".
The security of your Duo application is tied to the security of your secret key (skey). Secure it as you would any sensitive credential. Don't share it with unauthorized individuals or email it to anyone under any circumstances!
Duo's next-generation authentication experience, the Universal Prompt, is coming to web-based applications that display the current Duo Prompt in browsers.
Migration to Universal Prompt for your CAS (Central Authentication Service) application is a two-step process:
When you install the latest version of CAS you're ready to use Universal Prompt once it's released. When you create a new CAS (Central Authentication Service) application in the Duo Admin Panel, its "Universal Prompt" section shows the status as "Waiting on Duo". If you're configuring CAS (Central Authentication Service) now, proceed with the installation instructions in this document. When you're done, you'll see the current Duo prompt experience.
When the Universal Prompt becomes available, you'll return here to activate it for users of this application. The status will change to "New Prompt Ready", and you'll see the control here for turning it on or off. Until then, your users continue to experience the current Duo prompt.
CAS needs a software update from Apereo installed to support the Universal Prompt when it's ready. The "Universal Prompt" section reflects this status as "App Update Ready" today. To update the CAS (Central Authentication Service) Duo application to a newer version, follow the update directions below.
Once a user authenticates to CAS via the updated Duo plugin, the "Universal Prompt" section of the CAS (Central Authentication Service) application page reflects this status as "Waiting on Duo".
When the Universal Prompt becomes available, you'll return here to activate it for users of this application. The status will change to "New Prompt Ready", and you'll see the control here for turning it on or off. Until then, your users continue to experience the current Duo prompt. Your users will also continue to see the current Duo Prompt if you haven't updated your Duo application software.
Click the See Update Progress link to view the Universal Prompt Update Progress report. This report shows the update availability and migration progress for all your Duo applications in-scope for Universal Prompt support.
Read the Universal Prompt Update Guide for more information about the update process to support the new prompt, and watch the Duo Blog for future updates about the Duo Universal Prompt.
If you've updated your eligible application so that its update status shows "New Prompt Ready" and you're interested in participating in a private preview of the Universal Prompt experience, please apply using this form.
CAS release 6.3.0 is the first with support for Duo Universal Prompt. After installing CAS 6.3.0 (or later), configure the Duo Security multifactor provider within CAS, using the application information from the First Steps instructions above.
If you are running CAS versions below 6.3.0, you'll need to upgrade your CAS installation to version 6.3.0 or later to be able to use the Universal Prompt. Consult the CAS Upgrade Guide for more information about planning your upgrade, and use the Duo Security multifactor provider instructions to configure Duo after your CAS upgrade.
Need some help? Take a look at our CAS Knowledge Base articles or Community discussions. For further assistance, contact Support.