This works in Grouper v4.7.0 and later.

External System

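Note: the credential on the Duo side needs the "Grant administrators" and "Grant read resource" permissions. Because "Grant administrators" lets the credential manage Duo administrator accounts, protect its secret as carefully as an administrator password.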

See Duo external system doc

Description


Manage administrators in Duo

Attributes

Group fields and attributes

| Grouper name | Type | Required | Description |
| --- | --- | --- | --- |
| role | String | required | role name |


Entity fields and attributes

| Grouper name | Type | Required | Description |
| --- | --- | --- | --- |
| role | String | required | Role name. Check this doc for the most recent available roles, e.g. Owner, Administrator, Application Manager, User Manager, Help Desk, Billing, or Read-only |
| id | String | required | admin id |
| name | String | required | name of the admin |
| email | String | required | unique email address of the admin |
| send_email | String | optional | 1 = send email for new users, 0 = don't (default) |


Example configuration

This folder is assigned to the provisioner and has a group for each of the admin roles.





# Sample configuration for a provisioner with config id "duoAdminRoleTest" that manages
# Duo administrators and their roles. The group name, subject source and email domain
# below are site-specific sample values; replace them before reusing this block.
#
# Both sync daemons are added in a disabled state.
# NOTE(review): presumably so the first runs can be started and reviewed by hand before
# a schedule is enabled - confirm.
provisioner.duoAdminRoleTest.addDisabledFullSyncDaemon = true
provisioner.duoAdminRoleTest.addDisabledIncrementalSyncDaemon = true
# NOTE(review): appears to limit where this provisioner can be assigned to a single
# folder - confirm against the provisioning documentation.
provisioner.duoAdminRoleTest.allowAssignmentsOnlyOnOneStem = true
# Provisioner implementation for Duo administrator roles.
provisioner.duoAdminRoleTest.class = edu.internet2.middleware.grouper.app.duo.role.GrouperDuoRoleProvisioner
provisioner.duoAdminRoleTest.customizeEntityCrud = true
provisioner.duoAdminRoleTest.customizeGroupCrud = true
provisioner.duoAdminRoleTest.customizeMembershipCrud = true
# Deletion is enabled for entities and memberships that do not exist in Grouper, and
# selectAllEntities (further down) is also true.
# NOTE(review): taken together this looks like Duo administrators with no matching
# Grouper entity are removed, including accounts created directly in Duo. Confirm how
# the Owner / break-glass administrators are kept provisioned (or excluded) before
# enabling the daemons, so a sync cannot remove the last usable admin account.
provisioner.duoAdminRoleTest.deleteEntitiesIfNotExistInGrouper = true
provisioner.duoAdminRoleTest.deleteMemberships = true
provisioner.duoAdminRoleTest.deleteMembershipsIfNotExistInGrouper = true
# Config id of the Duo external system that holds the API credential.
provisioner.duoAdminRoleTest.duoExternalSystemConfigId = duoAdminProvisioningTest
# Entity cache slots 0 and 1 hold the "id" and "email" entity attributes, both sourced
# from the target (Duo).
provisioner.duoAdminRoleTest.entityAttributeValueCache0entityAttribute = id
provisioner.duoAdminRoleTest.entityAttributeValueCache0has = true
provisioner.duoAdminRoleTest.entityAttributeValueCache0source = target
provisioner.duoAdminRoleTest.entityAttributeValueCache0type = entityAttribute
provisioner.duoAdminRoleTest.entityAttributeValueCache1entityAttribute = email
provisioner.duoAdminRoleTest.entityAttributeValueCache1has = true
provisioner.duoAdminRoleTest.entityAttributeValueCache1source = target
provisioner.duoAdminRoleTest.entityAttributeValueCache1type = entityAttribute
provisioner.duoAdminRoleTest.entityAttributeValueCacheHas = true
# Email is the only matching attribute between Grouper entities and Duo administrators.
# The email value is built by the translation expression on targetEntityAttribute.3, so
# that expression has to produce exactly the address stored on the Duo side.
provisioner.duoAdminRoleTest.entityMatchingAttribute0name = email
provisioner.duoAdminRoleTest.entityMatchingAttributeCount = 1
# The membership is written as the entity's "role" attribute, and its value comes from
# group cache slot 0, which is the group's "role" attribute (see below).
provisioner.duoAdminRoleTest.entityMembershipAttributeName = role
provisioner.duoAdminRoleTest.entityMembershipAttributeValue = groupAttributeValueCache0
# Site-specific sample group.
# NOTE(review): presumably members of this group may view the provisioner - confirm.
provisioner.duoAdminRoleTest.groupAllowedToView = penn:isc:ait:apps:twoFactor:twoFactorSecurity:twoFactorOwners
# Group cache slot 0 holds the group's "role" attribute, sourced from Grouper.
provisioner.duoAdminRoleTest.groupAttributeValueCache0groupAttribute = role
provisioner.duoAdminRoleTest.groupAttributeValueCache0has = true
provisioner.duoAdminRoleTest.groupAttributeValueCache0source = grouper
provisioner.duoAdminRoleTest.groupAttributeValueCache0type = groupAttribute
provisioner.duoAdminRoleTest.groupAttributeValueCacheHas = true
provisioner.duoAdminRoleTest.hasTargetEntityLink = true
# Verbose object and command logging is switched on in this sample.
# NOTE(review): the provisioned objects carry administrator names and email addresses,
# so the logs will likely contain them; consider turning these off once testing is done
# and restrict who can read the log files.
provisioner.duoAdminRoleTest.logAllObjectsVerbose = true
provisioner.duoAdminRoleTest.logAllObjectsVerboseToLogFile = true
provisioner.duoAdminRoleTest.logCommandsAlways = true
provisioner.duoAdminRoleTest.makeChangesToEntities = true
# Counts must match the targetEntityAttribute.0-4 and targetGroupAttribute.0 entries below.
provisioner.duoAdminRoleTest.numberOfEntityAttributes = 5
provisioner.duoAdminRoleTest.numberOfGroupAttributes = 1
# NOTE(review): appears to restrict provisioning to groups marked as policy groups - confirm.
provisioner.duoAdminRoleTest.onlyProvisionPolicyGroups = true
provisioner.duoAdminRoleTest.operateOnGrouperEntities = true
provisioner.duoAdminRoleTest.operateOnGrouperGroups = true
provisioner.duoAdminRoleTest.operateOnGrouperMemberships = true
# The role is provisioned as an attribute of the entity (the Duo administrator).
provisioner.duoAdminRoleTest.provisioningType = entityAttributes
# All entities are selected from Duo, but groups are not.
provisioner.duoAdminRoleTest.selectAllEntities = true
provisioner.duoAdminRoleTest.selectGroups = false
provisioner.duoAdminRoleTest.showAdvanced = true
provisioner.duoAdminRoleTest.showAssigningProvisioning = true
# NOTE(review): this value reads like placeholder text rather than a real setting - confirm.
provisioner.duoAdminRoleTest.startWith = this is start with read only
# Site-specific subject source; only subjects from this source are provisioned.
provisioner.duoAdminRoleTest.subjectSourcesToProvision = pennperson
# Attribute 0: the admin id. It is neither inserted nor updated by Grouper.
# NOTE(review): presumably because Duo assigns the id - confirm.
provisioner.duoAdminRoleTest.targetEntityAttribute.0.insert = false
provisioner.duoAdminRoleTest.targetEntityAttribute.0.name = id
provisioner.duoAdminRoleTest.targetEntityAttribute.0.showAdvancedAttribute = true
provisioner.duoAdminRoleTest.targetEntityAttribute.0.showAttributeCrud = true
provisioner.duoAdminRoleTest.targetEntityAttribute.0.update = false
# Attribute 1: the role. It is required and defaults to "Read-only".
# NOTE(review): confirm exactly when the default is applied for your version.
provisioner.duoAdminRoleTest.targetEntityAttribute.1.defaultValue = Read-only
provisioner.duoAdminRoleTest.targetEntityAttribute.1.name = role
provisioner.duoAdminRoleTest.targetEntityAttribute.1.required = true
provisioner.duoAdminRoleTest.targetEntityAttribute.1.showAdvancedAttribute = true
provisioner.duoAdminRoleTest.targetEntityAttribute.1.showAttributeValidation = true
provisioner.duoAdminRoleTest.targetEntityAttribute.1.showAttributeValueSettings = true
# Attribute 2: the admin name, copied from the Grouper provisioning entity's name field.
provisioner.duoAdminRoleTest.targetEntityAttribute.2.name = name
provisioner.duoAdminRoleTest.targetEntityAttribute.2.translateExpressionType = grouperProvisioningEntityField
provisioner.duoAdminRoleTest.targetEntityAttribute.2.translateFromGrouperProvisioningEntityField = name
# Attribute 3: the email, built by a translation script from subject identifier 0 plus
# a fixed, site-specific domain. \u0024 is the escaped "$" that starts the expression.
provisioner.duoAdminRoleTest.targetEntityAttribute.3.name = email
provisioner.duoAdminRoleTest.targetEntityAttribute.3.translateExpression = \u0024{grouperProvisioningEntity.getSubjectIdentifier0() + '@isc.upenn.edu'}
provisioner.duoAdminRoleTest.targetEntityAttribute.3.translateExpressionType = translationScript
# Attribute 4: send_email is a static 1 (send email for new users). It is not selected
# from Duo and not updated afterwards.
provisioner.duoAdminRoleTest.targetEntityAttribute.4.name = send_email
provisioner.duoAdminRoleTest.targetEntityAttribute.4.select = false
provisioner.duoAdminRoleTest.targetEntityAttribute.4.showAdvancedAttribute = true
provisioner.duoAdminRoleTest.targetEntityAttribute.4.showAttributeCrud = true
provisioner.duoAdminRoleTest.targetEntityAttribute.4.translateExpressionType = staticValues
provisioner.duoAdminRoleTest.targetEntityAttribute.4.translateFromStaticValues = 1
provisioner.duoAdminRoleTest.targetEntityAttribute.4.update = false
# The group's "role" attribute is taken from the group's displayExtension, so each
# group's display extension has to be a valid Duo role name.
# NOTE(review): membership of these groups, and the right to rename them, therefore
# decides who holds which Duo admin role; keep group privileges in this folder tight.
provisioner.duoAdminRoleTest.targetGroupAttribute.0.name = role
provisioner.duoAdminRoleTest.targetGroupAttribute.0.translateExpressionType = grouperProvisioningGroupField
provisioner.duoAdminRoleTest.targetGroupAttribute.0.translateFromGrouperProvisioningGroupField = displayExtension