Skip navigation

Duo Security is now a part of Cisco

Join us at the Cisco Partner Summit, Nov 13-15th in Las Vegas


Duo integrates with Okta to add two-factor authentication, complete with inline self-service enrollment and Duo Prompt.

Duo and Okta

Duo Security’s authentication platform secures access to Okta, extending two-factor protection to web applications launched from an Okta browser session.

You may need to contact Okta Support to have the Duo Multifactor option enabled for your account before you can complete setup.

Connectivity Requirements

This integration communicates with Duo's service on TCP port 443. Also, we do not recommend locking down your firewall to individual IP addresses, since these may change over time to maintain our service's high availability.

First Steps

  1. Sign up for a Duo account.
  2. Log in to the Duo Admin Panel and navigate to Applications.
  3. Click Protect an Application and locate Okta in the applications list. Click Protect this Application to get your integration key, secret key, and API hostname. (See Getting Started for help.)

Treat your secret key like a password

The security of your Duo application is tied to the security of your secret key (skey). Secure it as you would any sensitive credential. Don't share it with unauthorized individuals or email it to anyone under any circumstances!

Enable Okta New Sign-in Page

We recommend enabling Okta's "New Sign-In Page" if you haven't already so your users can take advantage of the interactive Duo Prompt. To turn this feature on:

  1. Navigate to SettingsAppearance as an Okta administrator.

  2. Click the Edit button next to "Sign-in Configuration".

  3. Change the New Sign-In Page option to Enable. Optionally upload a background image, and then click *Save**.

    Okta Sign-in Page Configuration

Configure Okta Authentication

  1. Log into your Okta account as an administrator and click the Admin button.
  2. Navigate to SecurityAuthentication. Click on Duo then click the "Duo Security Settings" Edit button. If you don't see Duo Security listed, contact Okta Support to have it enabled on your account.

    Okta Authentication Settings

  3. Fill out the form with your Duo Okta application information as follows.

    Integration Key Your integration key (i.e. DIXXXXXXXXXXXXXXXXXX)
    Secret Key Your secret key
    API Hostname Your API hostname (i.e.
    Duo Username Format Select the name format used to log in to Okta.

    Click the Save button when done.

    Enter Okta Duo Application Information

  4. While still on the "Authentication" settings page, click on Multifactor and click the "Factor Types" Edit button.

    Okta Authentication Factors

  5. Select Duo Security and click Save.

    Okta Authentication Factors

  6. Click the Security menu at the top and go to Policies. Click the Okta Sign-on tab.

  7. You can either add a new rule for Duo Authentication to an existing policy, or create a new policy for Duo and assign it to specific groups. In this example, we'll turn on Duo for all users in the "Default Policy".

    Click on the Default Policy, and then click the Add Rule button. Enter a name for your new Duo rule and exclude any users you don't want using Duo when logging in to Okta. Check the Prompt for Factor box to enable secondary authentication and determine whether you want 2FA required "Per Device", "Every Time", or "Per Session". Choose your desired options for the other rule settings and click Create Rule when finished.

    Okta Authentication Factors

  8. The Okta sign-on policy shows your new Duo rule.

    Okta Sign-on Policy

Learn more about creating Okta policies or see additional information about configuring Duo authentication in the Okta online help center.

Please contact Okta support if you have any questions about the integration or need assistance configuring your authentication and multifactor settings. Contact Duo Support for assistance with the Duo service.

Test Your Setup

Okta prompts new, unenrolled Duo users to setup multifactor authentication at the first login to Okta after Duo is enabled. Click the Setup button for Duo Security.

Okta User Duo Setup

A "Setup Duo Security" window displays the Duo enrollment prompt. Complete Okta's multifactor setup by stepping through Duo enrollment.

Okta Duo Setup Wizard

When Duo enrollment is completed, users can choose one of the Duo authentication options to access Okta.

Okta Duo Authentication

If you didn't enable Okta's new sign-in page then users see a different Duo multifactor prompt. This prompt doesn't allow for inline enrollment or device management. Okta Duo Authentication


Need some help? Try searching our Knowledge Base articles or Community discussions. For further assistance, contact Support.

Ready to Get Started?

Sign Up Free