Configuring DUO security (push)

To enable DUO Security (Push) for use in MFA in Forcepoint ONE SSE, you will need to configure an API connection between Forcepoint ONE SSE and DUO.

1. To begin login to DUO with an admin account and select Applications from the left column. On the Applications page, select Protect an Application.
   
   
   
2. On the Protect an Application page search for API as we will want to add both of the options that appear (Admin API and Auth API). To start click Protect an Application for Admin API.
   
   
   
3. The Admin API configuration page will provide the keys and hostnames needed for configuration in Forcepoint ONE SSE as well as the Permission settings you wish to grant admins using the DUO security app.
   1. Under the Details section, copy and save the information in all 3 fields (Integration key, Secret key, and API hostname).
      Note: The Secret key will display once you click into the field.
   2. Under the Settings section, select the permissions you wish to grant to the Admin and then save your changes at the bottom.
      
      
      
4. Go back to the Protect an Application page, click Protect this Application for Auth API.
   1. On the Auth API settings page, copy out the 3 fields under the Details section and save for later.
   2. Under the Global Policy section, click Edit Global Policy and edit the policy for how you want users to be able to enroll/authenticate. There are a lot of policy options so go through them and select what is right for your users.
      
      
      
      
      
   With the API configuration done in DUO, you are ready to complete the process in the Forcepoint ONE SSE admin portal.
5. Login to the Forcepoint ONE SSE portal as an admin and navigate to IAM > Multi-Factor Auth > DUO Security.
6. On the DUO Security API Details page, input the information for Hostname, Integration Key, and Secret Key for both Auth API and Admin API that you saved earlier.
7. Set the Username field to what you will be using as their username for Authentication UPN or SAMAccountName. Click Save when done.
   
   
   
8. Once setup, you can add a Multi-Factor Authentication policy on the policies page and select Duo Security (Push) as the option.
   
   
   
9. When the user attempts to login for the first time after configuration, they will be prompted to configure the Duo Security app. Have the user click configure and then with the Duo Security app on their phone, they will need to scan the QR code presented.
   
   
   
   
   
10. The user or the Forcepoint ONE SSE admin can disconnect the DUO Push setup at any time.
    1. The Forcepoint ONE SSE admin can navigate to the IAM > User and Groups page and then locate the user in question and click on their name to open up the User Details dialog. Scroll to the bottom and you will see the setup options for the user. Select Remove for the MFA - DUO Security (Push) to remove their connection.
       
       
       
    2. For the user to remove their connection to their authenticator app they must login to the Forcepoint ONE SSE portal and select edit profile. Near the bottom they will see their setup options and an option for the MFA - DUO Security (Push) to remove.