Search Vault documentation » Configure Duo MFA MethodThis endpoint defines an MFA method of type Duo.
Method Path POST
/identity/mfa/method/duo/:id
» Parametersid
(string: "")
- Optional UUID to specify if updating an existing method.
username_format
(string)
- A template string for mapping Identity names to MFA methods. Values to substitute should be placed in {{}}
. For example, "{{identity.entity.name}}"
. If blank, the Entity's Name field is used as-is.
secret_key
(string: <required>)
- Secret key for Duo.
integration_key
(string: <required>)
- Integration key for Duo.
api_hostname
(string: <required>)
- API hostname for Duo.
push_info
(string)
- Push information for Duo.
use_passcode
(bool: false)
- If true, the user is reminded to use the passcode upon MFA validation.
» Sample Payload{
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}" ,
"secret_key" : "BIACEUEAXI20BNWTEYXT" ,
"integration_key" : "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz" ,
"api_hostname" : "api-2b5c39f5.duosecurity.com"
}
{
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}" ,
"secret_key" : "BIACEUEAXI20BNWTEYXT" ,
"integration_key" : "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz" ,
"api_hostname" : "api-2b5c39f5.duosecurity.com"
}
» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/duo
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/duo
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
» Read Duo MFA MethodThis endpoint queries the MFA configuration of Duo type for a given method
ID.
Method Path GET
/identity/mfa/method/duo/:id
» Parametersid
(string: <required>)
– UUID of the MFA method.» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
» Sample Response{
"data" : {
"api_hostname" : "api-2b5c39f5.duosecurity.com" ,
"id" : "4194659f-139b-400b-b5dd-86bfb726759d" ,
"integration_key" : "BIACEUEAXI20BNWTEYXT" ,
"pushinfo" : "" ,
"secret_key" : "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz" ,
"type" : "duo" ,
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}" ,
"use_passcode" : false
}
}
{
"data" : {
"api_hostname" : "api-2b5c39f5.duosecurity.com" ,
"id" : "4194659f-139b-400b-b5dd-86bfb726759d" ,
"integration_key" : "BIACEUEAXI20BNWTEYXT" ,
"pushinfo" : "" ,
"secret_key" : "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz" ,
"type" : "duo" ,
"username_format" : "{{identity.entity.aliases.auth_userpass_1793464a.name}}" ,
"use_passcode" : false
}
}
» Delete Duo MFA MethodThis endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use
by a login enforcement .
Method Path DELETE
/identity/mfa/method/duo/:id
» Parametersid
(string: <required>)
- UUID of the MFA method.» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
» List Duo MFA MethodsThis endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces.
Method Path LIST
/identity/mfa/method/duo
» Sample Request$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/mfa/method/duo
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/mfa/method/duo
» Sample Response{
"data" : {
"keys" : [
"4194659f-139b-400b-b5dd-86bfb726759d"
]
}
}
{
"data" : {
"keys" : [
"4194659f-139b-400b-b5dd-86bfb726759d"
]
}
}