Child pages
  • Grouper Duo provisioning (v2.5 provisioning framework)
Skip to end of metadata
Go to start of metadata

Demo

Demo video of provisioning groups and memberships to Duo

This is the script to create users in the video

GrouperSession grouperSession = GrouperSession.startRootSession();
RegistrySubject.addOrUpdate(grouperSession, "mchyzer", "person", "Chris Hyzer", "Chris Hyzer", "mchyzer", "Chris Hyzer", "mchyzer@upenn.edu");
RegistrySubject.addOrUpdate(grouperSession, "kwilso", "person", "Kate Wilson", "Kate Wilson", "kwilso", "Kate Wilson", "kwilso@upenn.edu");


Create a credential in duo admin


External system

Provisioning fields and attributes

Group

Grouper nameAttribute or fieldTypeRequired?Duo APIDuo UIDescription
idfieldStringrequiredgroup_id(in URL)This is the UUID read from Duo.  Select only.
namefieldStringrequirednameGroup Name

This is the name of the group on the Duo side.

descriptionattributeStringoptionaldescDescriptionThis is the description in Duo

Entity

Grouper nameAttribute or fieldTypeRequired?Duo APIDuo UIDescription
idfieldStringrequireduser_id(in URL)This is the UUID read from Duo.  Select only.
loginIdfieldStringrequiredusernameUsername

This is the username in Duo

namefieldStringoptionalrealnameFull nameFirst and last name
emailfieldStringoptionalemailEmailEmail address for user
firstnameattributeStringoptionalfirstnameNAFirst name of user
lastnameattributeStringoptionallastnameNALast name of user

Logging

Generally you will have logging setting set to off unless you are troubleshooting something.

If you want to see the HTTP traffic going to and from duo, set one of these options


You will see container logs that look like this

2021-11-06 13:54:04,854: [Thread-36] INFO  GrouperProvisioningLogCommands.infoLog(25) -  - Command log for provisioner 'duoTest' - 'u5ydv5lk', retrieveAllData: HTTP method: get
HTTP URL: https://api-84f782e2.duosecurity.com/admin/v1/groups?limit=100&offset=0
HTTP request header: Authorization: *******
HTTP request header: Date: Sat, 06 Nov 2021 17:54:02 +0000
HTTP request header: Content-Type: application/x-www-form-urlencoded
HTTP response code: 200, took ms: 913
HTTP response header: Transfer-Encoding: chunked
HTTP response header: Strict-Transport-Security: max-age=31536000
HTTP response header: Server: Duo/1.0
HTTP response header: Cache-Control: no-store
HTTP response header: Etag: W/"198da276e78d748b76b7123456"
HTTP response header: Content-Security-Policy: default-src 'self'; frame-src 'self' ; img-src 'self'  ; connect-src 'self'
HTTP response header: Connection: keep-alive
HTTP response header: Pragma: no-cache
HTTP response header: Date: Sat, 06 Nov 2021 17:54:03 GMT
HTTP response header: Content-Type: application/json
{
   "metadata":{
      "total_objects":11
   },
   "response":[
      {
         "desc":"",
         "group_id":"DGUCVTMOMM3UK7YHQ7ZE",
         "mobile_otp_enabled":false,
         "name":"duoGroupFromGrouper",
         "push_enabled":false,
         "sms_enabled":false,
         "status":"Active",
         "voice_enabled":false
      },
      {
         "desc":"This is a description",
         "group_id":"DGCVKVG5GQNG0Z4ZF13G",
         "mobile_otp_enabled":false,
         "name":"duoGroupFromGrouper2",
         "push_enabled":false,
         "sms_enabled":false,
         "status":"Active",
         "voice_enabled":false
      }
   ],
   "stat":"OK"
}

You can load duo users into grouper database into grouper_prov_duo_user table as shown below.

grouper_prov_duo_user table is shown below

  • No labels