The Vault website is being redesigned to help you find what you are looking for more effectively.

Type '/' to Search

»Configure Duo MFA Method

This endpoint defines an MFA method of type Duo.

MethodPath
POST/identity/mfa/method/duo/:id

»Parameters

  • id (string: "") - Optional UUID to specify if updating an existing method.

  • username_format (string) - A template string for mapping Identity names to MFA methods. Values to substitute should be placed in {{}}. For example, "{{identity.entity.name}}". If blank, the Entity's Name field is used as-is.

  • secret_key (string: <required>) - Secret key for Duo.

  • integration_key (string: <required>) - Integration key for Duo.

  • api_hostname (string: <required>) - API hostname for Duo.

  • push_info (string) - Push information for Duo.

  • use_passcode (bool: false) - If true, the user is reminded to use the passcode upon MFA validation.

»Sample Payload

{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "secret_key": "BIACEUEAXI20BNWTEYXT",
  "integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
  "api_hostname": "api-2b5c39f5.duosecurity.com"
}

{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "secret_key": "BIACEUEAXI20BNWTEYXT",
  "integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
  "api_hostname": "api-2b5c39f5.duosecurity.com"
}

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

»Read Duo MFA Method

This endpoint queries the MFA configuration of Duo type for a given method ID.

MethodPath
GET/identity/mfa/method/duo/:id

»Parameters

  • id (string: <required>) – UUID of the MFA method.

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d


$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

»Sample Response

{
  "data": {
    "api_hostname": "api-2b5c39f5.duosecurity.com",
    "id": "4194659f-139b-400b-b5dd-86bfb726759d",
    "integration_key": "BIACEUEAXI20BNWTEYXT",
    "pushinfo": "",
    "secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
    "type": "duo",
    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
    "use_passcode": false
  }
}

{
  "data": {
    "api_hostname": "api-2b5c39f5.duosecurity.com",
    "id": "4194659f-139b-400b-b5dd-86bfb726759d",
    "integration_key": "BIACEUEAXI20BNWTEYXT",
    "pushinfo": "",
    "secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
    "type": "duo",
    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
    "use_passcode": false
  }
}

»Delete Duo MFA Method

This endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use by a login enforcement.

MethodPath
DELETE/identity/mfa/method/duo/:id

»Parameters

  • id (string: <required>) - UUID of the MFA method.

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d


$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

»List Duo MFA Methods

This endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces.

MethodPath
LIST/identity/mfa/method/duo

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo


$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

»Sample Response

{
  "data": {
    "keys": [
      "4194659f-139b-400b-b5dd-86bfb726759d"
    ]
  }
}

{
  "data": {
    "keys": [
      "4194659f-139b-400b-b5dd-86bfb726759d"
    ]
  }
}