Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Duo Mobile
Environment: Huntress.IO management portal
Summary: Using and enabling Duo Mobile is the preferred method for Two-Factor (2FA) / Multi-factor (MFA) Authentication within the Huntress.IO portal.
Duo provides robust two-factor authentication for your VPN, email, web portal, cloud services, etc., all from a centrally-managed administration portal. Huntress supports Duo as a second factor using Push, SMS, voice calls, or passcodes.
Enabling Two-Factor For Your Account
Before you can enable any of the specific two-factor methods you'll need to generate backup codes ( and save them somewhere safe!) that can be used to recover access to your account should you ever lose your other second factors. You can learn more about this here.
Setup a Duo Integration (Account)
Before you can enable Duo authentication, you'll need to set up a Duo integration in your Huntress account. Login to your Duo portal with an administrative user and perform the following tasks:
- Click on the "Applications" - "Protect an Application" menu in the left-hand menu pane.
- Search for Huntress in the list of applications and click "Protect."
- Retrieve the Integration key, Secret key (must click in the box to reveal the key), and your API hostname. Record this information for the next steps.
-
IMPORTANT! : Your Huntress username is typically your full e-mail address (e.g. user@domain.com) but often your Duo username may only be the username portion of your e-mail address (e.g. "user"). If this is the case you must enable the "Username normalization" feature within the Duo portal by selecting "Simple."
Protect an Application > Select the Huntress > Scroll down to Settings > User NormalizationNOTE: If your username in Huntress is different from Duo username entirely (e.g. jane.user@domain.com vs. juser@domain.com) you need to utilize the Username aliases feature in Duo.
- Create a Duo integration in Huntress.
- Enter the details for the integration and click Save.
Enable Two-Factor (User)
Please see our guide for setting up two-factor in the Huntress Portal here.
Disable Duo
If you decide you no longer want to use Duo as a second factor you can delete it from your user preferences page and you will no longer be prompted. You will however, be prompted for other two-factor methods if others are enabled.
FAQ
Duo has a feature called "username alias" where you are able to put your old email addresses. It passes them to huntress instead of having to change every email individually in Huntress.