habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stages/authenticator_duo: add API to "import" devices from duo

Browse Source 
closes #1371

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2021-09-10 11:35:04 +02:00
parent 5fd4f56fa2
commit 7dfbcdbb81
4 changed files with 95 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
website/docs/flow/stages/authenticator_duo/index.md
View File

@ -9,3 +9,20 @@ Go to Applications, click on Protect an Application and search for "Auth API". C
Copy all of the integration key, secret key and API hostname, and paste them in the Stage form.
Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed.
## Importing users
:::info
Due to the way the Duo API works, authentik cannot automatically import existing Duo users.
:::
:::info
This API requires version 2021.10.1 or later
:::
You can call the `/api/v3/stages/authenticator/duo/{stage_uuid}/import_devices/` endpoint ([see here](https://goauthentik.io/api/#post-/stages/authenticator/duo/-stage_uuid-/import_devices/)) using the following parameters:
- `duo_user_id`: The Duo User's ID. This can be found in the Duo Admin Portal, navigating to the user list and clicking on a single user. Their ID is shown in th URL.
- `username`: The authentik user's username to assign the device to.
Additionally, you need to pass `stage_uuid` which is the `authenticator_duo` stage, in which you entered your API credentials.