# Duo Security This topic describes how to configure the Duo Security administration panel to [integrate with the Aisera](https://aisera.com/integrations/) Gen AI platform. The screenshots from the Duo Admin Panel come from the official Duo Documentation page. Please refer to the Duo Documentation for the latest information. ## Prerequisite Create a Duo Account so that you have an email address with a corresponding password that allows you to access the Admin Panel via the [Duo Admin Login](https://admin.duosecurity.com/login?next=%2F). The account must be one of the following types : Duo Beyond, Duo Access, or Duo MFA plan.\ If this is the first time someone in your organization has set up an admin account, follow the instructions here : [First-Time Administrator Account Setup](https://duo.com/docs/administration#first-time-administrator-account-setup). ## Access the Duo Admin Panel Login to Duo Admin panel via [Duo Admin Login](https://admin.duosecurity.com/login?next=%2F) using the administration account email address. Depending on the configuration of the account it will require: 1. Password or 2. Single-sign on (SSO) or 3. One of the two options above ## Use-cases If you only need the Duo Security software for **authentication**, like sending and checking push notifications, you only need the **Duo Auth API** integration. If you also need **administrative** actions, like enrolling new users and heir devices, integrate with **Duo Admin API** also. ### Protect an Application To protect the **Duo Admin API** and/or **Duo Auth API:** 1. Navigate to the Duo Admin Panel. 2. Click **Applications** in the left sidebar.

Duo Admin Panel

2. Click **Protect an Application** in the left sidebar or choose the **Protect an Application** button in the upper right corner of the page.

Protect an Application

3. Search/select the **Duo Auth API**/**Duo Admin API** from the available applications and click the protect button. A new application is created with the name `Duo Auth API/Duo Admin API`.

Protect Buttons

4. After creating the **Duo Auth API**/**Duo Admin API** application, you are re-directed to the application’s Properties page. The integration details are in the **Details** section at the top of the page.

Integration Details

The **Integration key**, **Secret key** and **API hostname** information **are needed to connect** **with Aisera** side. ### Policies It is needed to enable the New User Policy in order to enroll new users properly for Duo Admin API. To do so : 1. Navigate to Duo Admin Panel 2. Click **Policies** in the left sidebar:

Policies Button

3. Scroll down to **Global Policy** and click the **Edit Global Policy** button.
4. **Enable the New User Policy**. We need this to enroll the new users using the Admin API remotely. ## Connect with Aisera To connect with the Aisera Gen AI platform, create a new integration with Duo: 1. Navigate to the **Settings > Integrations** window in the Aisera Admin UI.

Open the Integration Window

2. Click the **+ New Integration** button on the upper right corner.

New Integration Button

3. Find **Duo Security** by searching for the word `duo` in the search bar. 4. Select the Duo Security icon and click **Next** (lower right corner).

Choose Duo Security

5. Add a preferred name for the integration (such as, Duo Auth API/Duo Admin API) in the **Name** field and https\://**API hostname** in the **Endpoint** field (such as, `https://api-myhostname.duosecurity.com`). The API hostname can be found in the **Applications** section of the **Duo Admin Panel** (see Protect an Application, above). 6. Click **Next** button.

Setting Integration Parameters

7. As a final step, choose the **Basic** Auth Type and fill in the **Integration key** and the **Secret key** of the protected application from the Duo Admin Panel (see Protect an Application, above). 8. Click the **OK** button.
9. Create two different integrations if you're using both API’s, one for **Auth** and one for **Admin**. ### Duo Flows - Description Several Duo flows have been implemented for sending and checking the status of push notifications, and for administrative purposes. ### Duo Flows - Push Notifications For sending push notifications via Duo, you need two things: 1. Correct Duo **Auth** integration (described above). 2. Flows from the Flow Catalog. 3. There exist five distinct flows for Duo Admin purposes : * *Subflow: Duo Admin Enroll User* * *Subflow: Duo Admin Associate Phone to a User* * *Subflow: Duo - Remove an existing device for a specific user* * *Subflow: Duo Admin Retrieve userId* * *Subflow : Duo Admin Dublicate Phone* The first three flows are the ones that allow enrolling users/modifying devices, and the other two are subflows needed for the first three to be functional. The only configuration needed for these flows to be functional is the **host**, which is the endpoint mentioned at Duo Admin integration, and don’t forget to **link every Execute Rest Call action node with the existing Duo Admin Integration**:
\ **Double click these variables and fill them with the information from the Duo Auth integration**. **NOTE:** The host is the **Endpoint** field from the Duo Auth Integration. To send Duo Push notifications, the only thing you need is the **Username** of the user who will receive the push notification. If this is not your use case (ex user needs to be identified with Email rather than Username), please refer to your Aisera team for more options. ### Duo Flows - Enroll Users/Modify Devices You need two things to use Duo’s administrative functionality : 1. Correct Duo **Admin** integration (described above). 2. Flows from Flow Catalog. There are five distinct flows for Duo Admin purposes : * *Subflow: Duo Admin Enroll User* * *Subflow: Duo Admin Associate Phone to a User* * *Subflow: Duo - Remove an existing device for a specific user* * *Subflow: Duo Admin Retrieve userId* * *Subflow : Duo Admin Duplicate Phone* The first three flows allow enrolling users/modifying devices, and the other two are subflows needed for the first three to be functional. The only configuration needed for these flows to be functional is the **host**, which is the endpoint mentioned at Duo Admin integration, and don’t forget to **link every Execute Rest Call action node with the existing Duo Admin Integration**:

Edit Action

You can implement more functions for Duo administration purposes, as long as they are available in the [Duo Admin API documentation](https://duo.com/docs/adminapi#api-details).