duo

Create Duo MFA method

This endpoint creates a new MFA method of type Duo.

Method	Path
`POST`	`/identity/mfa/method/duo`

Parameters

method_name (string) - The unique name identifier for this MFA method. Supported from Vault 1.13.0.
username_format (string) - A template string for mapping Identity names to MFA methods. Values to substitute should be placed in {{}}. For example, "{{identity.entity.name}}". If blank, the Entity's Name field is used as-is.
secret_key (string: <required>) - Secret key for Duo.
integration_key (string: <required>) - Integration key for Duo.
api_hostname (string: <required>) - API hostname for Duo.
push_info (string) - Push information for Duo.
use_passcode (bool: false) - If true, the user is reminded to use the passcode upon MFA validation.

Sample payload

{  "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",  "secret_key": "BIACEUEAXI20BNWTEYXT",  "integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",  "api_hostname": "api-2b5c39f5.duosecurity.com",  "method_name": "ns1_duo"}

Sample request

$ curl \    --header "X-Vault-Token: ..." \    --request POST \    --data @payload.json \    http://127.0.0.1:8200/v1/identity/mfa/method/duo

Sample response

{  "data": {    "method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b"  }}

Update Duo MFA method

This endpoint updates the configuration of an MFA method of type Duo.

Method	Path
`POST`	`/identity/mfa/method/duo/:method_id`

Parameters

method_id (string: <required>) - UUID of the MFA method.
and all of the parameters documented under the preceding "Create" endpoint.

Sample payload

Identical to the preceding "Create" endpoint.

Sample request

$ curl \    --header "X-Vault-Token: ..." \    --request POST \    --data @payload.json \    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

Read Duo MFA method

This endpoint queries the MFA configuration of Duo type for a given method ID.

Method	Path
`GET`	`/identity/mfa/method/duo/:method_id`

Parameters

id (string: <required>) – UUID of the MFA method.

Sample request

$ curl \    --header "X-Vault-Token: ..." \    --request GET \    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

Sample response

{  "data": {    "api_hostname": "api-2b5c39f5.duosecurity.com",    "id": "4194659f-139b-400b-b5dd-86bfb726759d",    "integration_key": "BIACEUEAXI20BNWTEYXT",    "pushinfo": "",    "secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",    "type": "duo",    "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",    "use_passcode": false  }}

Delete Duo MFA method

This endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use by a login enforcement.

Method	Path
`DELETE`	`/identity/mfa/method/duo/:method_id`

Parameters

method_id (string: <required>) - UUID of the MFA method.

Sample request

$ curl \    --header "X-Vault-Token: ..." \    --request DELETE \    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

List Duo MFA methods

This endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces.

Method	Path
`LIST`	`/identity/mfa/method/duo`

Sample request

$ curl \    --header "X-Vault-Token: ..." \    --request LIST \    http://127.0.0.1:8200/v1/identity/mfa/method/duo

Sample response

{  "data": {    "keys": [      "4194659f-139b-400b-b5dd-86bfb726759d"    ]  }}