![]() You'll need this information to complete your setup. and get your Client ID, Client secret, and API hostname. Click Protect to the far-right to configure the application. Log in to the Duo Admin Panel and navigate to Applications.Ĭlick Protect an Application and locate the entry for Okta in the applications list.Contact Okta support for assistance with planning sign-on policies and rules to support your migration. When your users have completed registration of the new Duo OIDC factor in Okta, you can phase out the original Duo Security MFA integration and disable the "Duo Security" legacy factor.Įducating your users about what to expect during the migration period is essential to your success. Then, pilot enrollment in both the legacy Duo Security factor and the new Duo OIDC IdP factor in Okta with expanding groups of users. The recommendation from Okta is to leave your existing Duo Security MFA factor intact and create a new Okta application in Duo to use for the IdP factor. ![]() When both the IdP factor and the Duo Security MFA factor are active, then users subject to an effective sign-on policy that requires multifactor will see both the traditional Duo Prompt factor and the new Duo OIDC factor available for them to use in Okta. Plan to migrate your users to the new Duo OIDC IdP factor with Duo Universal Prompt from the legacy Duo Security MFA factor (with traditional Duo Prompt) in stages. Migration from Duo MFA Factor to Duo OIDC Factor See Duo Knowledge Base article 7546 for additional guidance. If your organization requires IP-based rules, please review Duo Knowledge Base article 1337.Įffective June 30, 2023, Duo no longer supports TLS 1.0 or 1.1 connections or insecure TLS/SSL cipher suites. This application communicates with Duo's service on SSL TCP port 443.įirewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. Deploy the traditional Duo Prompt Okta MFA Factor configuration instead. Duo Federal plans do not include support for the Duo custom OIDC IdP factor solution. Duo Requirementsĭuo MFA for Okta with Universal Prompt is available to Duo Premier, Duo Advantage, and Duo Essentials commercial plans. If you have concerns about your upcoming platform migration please contact Okta support. If unsure, confirm with Okta Support.Ĭustom factor-only identity providers and sign-on policies created for Duo in Okta Classic should remain intact through an Okta Identity Engine tenant migration. Okta Identity Engine customers - You should already have the required features enabled in your Okta tenant. TOP_WINDOW_REAUTH_FROM_ENDUSER_SETTINGS.Okta Classic customers - Contact Okta Support and request that they enable these features in your Okta tenant to allow use of the Open ID Connect IdP identity provider: Without these features in place you may not see all the options and settings needed for configuration. Prerequisites Okta RequirementsĮnsure your Okta tenant has the features necessary for Duo as an OIDC factor. You are ready to add your YorkU account.If you want to update an existing Okta MFA factor showing the traditional Duo Prompt to an Okta OIDC factor showing the Duo Universal Prompt then please review the Migration from Duo MFA Factor to Duo OIDC Factor information. (You need to enable notifications from Duo, so that you can receive the push notifications and approve the Duo authentication requests) Tap ‘ Allow’ to enable notifications from Duo Mobile. After Duo Mobile has been installed, tap on ‘ Open’ to open the app. Next to the application, tap on download to install Duo Mobile ![]() Then select ‘ Duo Mobile’ from the search results. In the Search Bar, enter ‘ Duo Mobile’ and then tap ‘ Search’. Go to the App Store (iOS devices) or Google Play Store (Android devices) on your mobile phone. Ensure that you know your password before you begin. ![]() (iii) You may need your password for your device’s App store or Google Play Store to download the application. There is no fee or charge for downloading or installing the application. If you do not have a compatible phone, please check the other 2FA methods. (i) Duo Mobile is supported on Android version 8 and above, and iOS 12 and above.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |