Demo
Demo video of provisioning groups and memberships to Duo
Create a credential in duo admin
External system
Provisioning fields and attributes
Group
Grouper name | Attribute or field | Type | Required? | Duo API | Duo UI | Description |
---|---|---|---|---|---|---|
id | field | String | required | group_id | (in URL) | This is the UUID read from Duo. Select only. |
name | field | String | required | name | Group Name | This is the name of the group on the Duo side. |
description | attribute | String | optional | desc | Description | This is the description in Duo |
Entity
Grouper name | Attribute or field | Type | Required? | Duo API | Duo UI | Description |
---|---|---|---|---|---|---|
id | field | String | required | user_id | (in URL) | This is the UUID read from Duo. Select only. |
loginId | field | String | required | username | Username | This is the username in Duo |
name | field | String | optional | realname | Full name | First and last name |
field | String | optional | Email address for user | |||
firstname | attribute | String | optional | firstname | NA | First name of user |
lastname | attribute | String | optional | lastname | NA | Last name of user |
Logging
Generally you will have logging setting set to off unless you are troubleshooting something.
If you want to see the HTTP traffic going to and from duo, set one of these options
You will see container logs that look like this
2021-11-06 13:54:04,854: [Thread-36] INFO GrouperProvisioningLogCommands.infoLog(25) - - Command log for provisioner 'duoTest' - 'u5ydv5lk', retrieveAllData: HTTP method: get HTTP URL: https://api-84f782e2.duosecurity.com/admin/v1/groups?limit=100&offset=0 HTTP request header: Authorization: ******* HTTP request header: Date: Sat, 06 Nov 2021 17:54:02 +0000 HTTP request header: Content-Type: application/x-www-form-urlencoded HTTP response code: 200, took ms: 913 HTTP response header: Transfer-Encoding: chunked HTTP response header: Strict-Transport-Security: max-age=31536000 HTTP response header: Server: Duo/1.0 HTTP response header: Cache-Control: no-store HTTP response header: Etag: W/"198da276e78d748b76b7123456" HTTP response header: Content-Security-Policy: default-src 'self'; frame-src 'self' ; img-src 'self' ; connect-src 'self' HTTP response header: Connection: keep-alive HTTP response header: Pragma: no-cache HTTP response header: Date: Sat, 06 Nov 2021 17:54:03 GMT HTTP response header: Content-Type: application/json { "metadata":{ "total_objects":11 }, "response":[ { "desc":"", "group_id":"DGUCVTMOMM3UK7YHQ7ZE", "mobile_otp_enabled":false, "name":"duoGroupFromGrouper", "push_enabled":false, "sms_enabled":false, "status":"Active", "voice_enabled":false }, { "desc":"This is a description", "group_id":"DGCVKVG5GQNG0Z4ZF13G", "mobile_otp_enabled":false, "name":"duoGroupFromGrouper2", "push_enabled":false, "sms_enabled":false, "status":"Active", "voice_enabled":false } ], "stat":"OK" }
You can load duo users into grouper database into grouper_prov_duo_user table as shown below.
grouper_prov_duo_user table is shown below