Skip navigation
Documentation

Duo Central

Last Updated: October 22nd, 2020

Contents

Duo Central is a cloud-hosted portal that your users can visit to get access to all of your organization's applications and links.

Overview

Duo Central, part of Duo Single Sign-On, is a cloud-hosted portal that your users can visit to get access to all of your organization's applications and links.

Duo Central Example

Prerequisites

Before you start using Duo Central make sure to meet all the requirements described below:

  • A Duo Admin with the Owner, Administrator, or Application Manager role.
  • Duo Single Sign-On enabled and configured with an authentication source.

Enable Duo Central

Role required: Owner, Administrator, or Application Manager

  1. Log in to the Duo Admin Panel, click Single Sign-On in the navigation bar on the left, and then click Duo Central.

  2. Review the information on the "Duo Central" page. Once you're ready, click Get Started. You'll be taken to a new page.

Configure Duo Central

The Duo Central Configuration & Policy tab allows you to configure a help link, custom URL, custom policies and more.

  1. On the Duo Central Configuration & Policy tab the Duo Central name field controls the name shown to your users during a Duo Push to log into Duo Central and the name they see in their browser tab.

  2. The URL is the website address users will visit to log into Duo Central. If you do not already have a custom subdomain set, you can click Create your custom subdomain to do so.

  3. The Get Help link field allows you to enter a support URL from your organization that your users will be able to access from the Duo Central page to get support.

  4. The Self-Service Portal lets users add, update, and remove authentication devices from the Duo prompt. See the self-service portal documentation.

    To enable this feature for Duo Central, check the Show "My Settings and Devices" link in Duo 2FA prompt.

  5. You can restrict active Duo user access to Duo Central by checking the box Only allow authentication from users in certain groups next to "Permitted Groups". Learn more about permitted groups.

    Note that when this setting is configured it only applies the the login of Duo Central, not visibility of tiles. It also only affects users who exist in Duo with "Active" status. This does not affect application access for existing users with "Bypass" status or users who do not exist in Duo when the effective New User Policy for the application is set to allow access to unenrolled users.

    Duo Central Configuration page

  6. Under "Policy" you can create and assign application and group policies to Duo Central that control device security, allowed authenticators, and more. Learn more about policies.

  7. Under Settings you can configure a voice greeting, add administrative notes, and assign administrative units.

    Duo Central settings page

  8. Once you've made all the changes, click Save Settings. You'll be redirected to the Tiles tab.

  9. At the top of the Duo Central configuration page you can:

    • Allow access to Duo Central by toggling Status from "Offline" to "Online". A pop-up will appear asking you to confirm the change. This will globally control if the service is available for login.
    • Quickly find the link to navigate to Duo Central.

    Duo Central Tiles tab

Duo Universal Prompt

Duo's next-generation authentication experience, the Universal Prompt, is coming to web-based applications that display the current Duo Prompt in browsers.

Migration to Universal Prompt for your Central application is a two-step process:

  • Update the Central application to support the Universal Prompt.
  • Enable the Universal Prompt experience for users of that Central application (when the Universal Prompt becomes available)

We've already updated the Duo Central application to support the Universal Prompt when it's ready, so there's no action required on your part to update. The "Universal Prompt" section of this application's details page in the Admin Panel reflects this status today as "New Prompt Ready".

Universal Prompt Info - Application Updated

When the Universal Prompt becomes available, you'll return here to activate it for users of this application.

Click the See Update Progress link to view the Universal Prompt Update Progress report. This report shows the update availability and migration progress for all your Duo applications in-scope for Universal Prompt support.

Read the Universal Prompt Update Guide for more information about the update process to support the new prompt, and watch the Duo Blog for future updates about the Duo Universal Prompt.

Managing Tiles

There are two different types of tiles you can add to Duo Central:

  • Applications - Tiles that are for Duo-protected applications. These tiles inherit their names, permitted groups, and default logo from the application's configuration page.
  • Bookmarks - This type of tile is completely customized and can be used to provide one-click shortcuts to any URL not protected by Duo.

Add Application Tiles

  1. On the Duo Central "Tiles" tab click Add tile. A pop-up will appear.

  2. In the "What do you want to add to Duo Central?" pop-up click Add application tile. You'll be taken to a new page.

  3. On the "Add Application Tiles" page you can select any of your existing Duo-protected applications to be added to Duo Central. Upon checking the box next to the application if the application does not have a checkmark in the "SSO" column you'll need to provide the Login URL of this application.

    Duo Central Add Applications Tiles page

  4. Once you've selected all your Duo applications you'd like to add as tiles click Add tiles. You'll be returned to the Duo Central "Tiles" tab.

    Duo Central Tiles tab with applications added

Add Bookmark Tiles

  1. On the Duo Central "Tiles" tab click Add tile. A pop-up will appear.

  2. In the "What do you want to add to Duo Central?" pop-up click Add bookmark tile. You'll be taken to a new page.

  3. On the "Add Bookmark Tile" page type in the name of the tile into the Display Name. You should see the name automatically updated in the "Tile preview".

  4. Type the URL you'd like the tile to link to into the URL field. Please note that URLs must start with http:// or https://.

  5. Under "Tile Preview" you can click Add custom logo to upload a custom image to your tile. The tile preview will automatically update to reflect the new image. If you'd like to remove the image click Delete custom logo.

  6. Next to "Permitted Groups" you can use Duo groups to control which users see a bookmark. By default all users will can see a bookmark but you can restrict this by click Display only to permitted groups and then choosing which groups should be able to see the bookmark.

  7. Once you've made all your changes, click Save at the top of the screen. You'll be returned to the Duo Central "Tiles" tab.

    Duo Central Add Bookmark Tile page

Editing Tiles

  1. On the Duo Central "Tiles" tab find the tile you'd like to edit and click Edit under the "Actions" column. You'll be taken to a new page.

  2. Depending on type of tile, you'll be able to edit different properties.

    • SSO Application tiles will only let you edit the custom logo. To change the name of the application or the permitted groups you'll need to visit the application's configuration page. Duo Central Edit SSO Tile page

    • Non-SSO Application tiles will allow you to edit the Login URL & custom logo. To change the name of the application or the permitted groups you'll need to visit the application's configuration page. Duo Central Edit application Tile page

    • Bookmark tiles will allow you to edit the name, URL, logo, and permitted groups. Duo Central Edit Bookmark Tile page

  3. Once you've made all your edits to a tile click Save at the top of the page. You'll be returned to the Duo Central "Tiles" tab.

Deleting Tiles

  1. On the Duo Central "Tiles" tab find the tile you'd like to edit and click Delete under the "Actions" column.

  2. A pop-up will appear asking you to confirm the tile deletion. Deleting an application tile does not delete the Duo-protected application. Click Yes, remove tile from Duo Central.

  3. The tile will be deleted and you'll be returned to the Duo Central "Tiles" tab.

    Duo Central Delete Tile

Logging into Duo Central

Once you've configured Duo Central and added tiles you're ready to login!

  1. Navigate to the URL link found on the Duo Central "Configuration & Policy" tab.

  2. You'll be required to authenticate through your Duo Single Sign-On authentication source and complete Duo two-factor authentication.

  3. Once you've successfully authenticated into Duo Central you can:

    • See all the tiles your account has permission to access.
    • Search for tiles by typing into the search bar at the top of the page.
    • Click on a tile to open a new tab taking you to the URL of the tile.
    • See your customer logo in the upper left-hand side of the page.
    • Clicking on your username in the upper right-hand side of the page will let you:
      • Find the "Get Help" link. If you did not add a "Get Help" link this will not be shown.
      • Switch between Tile & List view.
      • Logout of Duo Central.

    Duo Central Example Tile View