/identity/mfa/method/duo - HTTP API

A new platform for documentation and tutorials is launching soon.

We are migrating Vault documentation into HashiCorp Developer, our new developer experience.

»Configure Duo MFA Method

This endpoint defines an MFA method of type Duo.

Method	Path
`POST`	`/identity/mfa/method/duo/:id`

»Parameters

id (string: "") - Optional UUID to specify if updating an existing method.
username_format (string) - A template string for mapping Identity names to MFA methods. Values to substitute should be placed in {{}}. For example, "{{identity.entity.name}}". If blank, the Entity's Name field is used as-is.
secret_key (string: <required>) - Secret key for Duo.
integration_key (string: <required>) - Integration key for Duo.
api_hostname (string: <required>) - API hostname for Duo.
push_info (string) - Push information for Duo.
use_passcode (bool: false) - If true, the user is reminded to use the passcode upon MFA validation.

»Sample Payload

{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "secret_key": "BIACEUEAXI20BNWTEYXT",
  "integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
  "api_hostname": "api-2b5c39f5.duosecurity.com"
}

{
  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
  "secret_key": "BIACEUEAXI20BNWTEYXT",
  "integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
  "api_hostname": "api-2b5c39f5.duosecurity.com"
}

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

»Read Duo MFA Method

This endpoint queries the MFA configuration of Duo type for a given method ID.

Method	Path
`GET`	`/identity/mfa/method/duo/:id`

»Parameters

id (string: <required>) – UUID of the MFA method.

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

»Sample Response

{
  "data": {
    "api_hostname": "api-2b5c39f5.duosecurity.com",
    "id": "4194659f-139b-400b-b5dd-86bfb726759d",
    "integration_key": "BIACEUEAXI20BNWTEYXT",
    "pushinfo": "",
    "secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
    "type": "duo",
    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
    "use_passcode": false
  }
}

{
  "data": {
    "api_hostname": "api-2b5c39f5.duosecurity.com",
    "id": "4194659f-139b-400b-b5dd-86bfb726759d",
    "integration_key": "BIACEUEAXI20BNWTEYXT",
    "pushinfo": "",
    "secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
    "type": "duo",
    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
    "use_passcode": false
  }
}

»Delete Duo MFA Method

This endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use by a login enforcement.

Method	Path
`DELETE`	`/identity/mfa/method/duo/:id`

»Parameters

id (string: <required>) - UUID of the MFA method.

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

»List Duo MFA Methods

This endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces.

Method	Path
`LIST`	`/identity/mfa/method/duo`

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

»Sample Response

{
  "data": {
    "keys": [
      "4194659f-139b-400b-b5dd-86bfb726759d"
    ]
  }
}

{
  "data": {
    "keys": [
      "4194659f-139b-400b-b5dd-86bfb726759d"
    ]
  }
}