Skip navigation

Contents

Duo integrates with Okta to add two-factor authentication, complete with inline self-service enrollment and authentication prompt.

Duo and Okta

Duo Security’s authentication platform secures access to Okta, extending two-factor protection to web applications launched from a Okta browser session.

You may need to contact Okta Support to have the Duo Multifactor option enabled for your account before you can complete setup.

First Steps

  1. Sign up for a Duo account.
  2. Log in to the Duo Admin Panel and navigate to Applications.
  3. Click Protect an Application and locate Okta in the applications list. Click Protect this Application to get your integration key, secret key, and API hostname. (See Getting Started for help.)

Enable Okta New Sign-in Page

We recommend enabling Okta's "New Sign-In Page" so your users can take advantage of Duo's interative prompt. To turn this feature on:

  1. Navigate to SettingsAppearance as an Okta administrator.

  2. Click the Edit button next to "Sign-in Configuration".

  3. Change the New Sign-In Page option to Enable. Optionally upload a background image, and then click *Save**.

    Okta Sign-in Page Configuration

Configure Okta Authentication

  1. Log into your Okta account as an administrator and click the Admin button.
  2. Navigate to SecurityAuthentication. Click on Duo then click the "Duo Security Settings" Edit button. If you don't see Duo Security listed, contact Okta Support to have it enabled on your account.

    Okta Authentication Settings

  3. Fill out the form with your Duo Okta application information as follows.

    Integration Key Your integration key
    Secret Key Your secret key
    API Hostname Your API hostname (i.e. api-XXXXXXXX.duosecurity.com)
    Duo Username Format Select the name format used to log in to Okta.

    Click the Save button when done.

    Enter Okta Duo Application Information

  4. While still on the "Authentication" settings page, click on Multifactor and click the "Factor Types" Edit button.

    Okta Authentication Factors

  5. Select Duo Security and click Save.

    Okta Authentication Factors

  6. Click the Security menu at the top and go to Policies. Click the Okta Sign-on tab.

  7. You can either add a new rule for Duo Authentication to an existing policy, or create a new policy for Duo and assign it to specific groups. In this example, we'll turn on Duo for all users in the "Default Policy".

    Click on the Default Policy, and then click the Add Rule button. Enter a name for your new Duo rule and exclude any users you don't want using Duo when logging in to Okta. Check the Prompt for Factor box to enable secondary authentication and determine whether you want 2FA required "Per Device", "Every Time", or "Per Session". Choose your desired options for the other rule settings and click Create Rule when finished.

    Okta Authentication Factors

  8. The Okta sign-on policy shows your new Duo rule.

    Okta Sign-on Policy

Learn more about creating Okta policies or see additional information about configuring Duo authentication in the Okta online help center.

Please contact Okta support if you have any questions about the integration or need assistance configuring your authentication and multifactor settings. Contact Duo Support for assistance with the Duo service.

Test Your Setup

Okta prompts new, unenrolled Duo users to setup multifactor authentication at the first login to Okta after Duo is enabled. Click the Setup button for Duo Security.

Okta User Duo Setup

A "Setup Duo Security" window displays the Duo enrollment prompt. Complete Okta's multifactor setup by stepping through Duo enrollment.

Okta Duo Setup Wizard

When Duo enrollment is completed, users can choose one of the Duo authentication options to access Okta.

Okta Duo Authentication

If you didn't enable Okta's new sign-in page then users see a different Duo multifactor prompt. This prompt doesn't allow for inline enrollment or device management. Okta Duo Authentication

Troubleshooting

Need some help? Try searching our Knowledge Base articles or Community discussions. For further assistance, contact Support.

Ready to Get Started?

Sign Up Free