Integrating DUO Two-Factor Authentication

If your organization is using multi-factor authentication, you can configure EmpowerID to enable users to use Duo as a second factor by registering your corporate Duo account in EmpowerID and adding Duo Two-Factor Authentication to any Password Manager policy or SSO application as a multi-factor authentication type.

In order to use Duo, your organization must have a Duo account. If you do not have a Duo account, you can sign up for one by visiting

To integrate DUO Two-Factor Authentication

  1. From the Navigation Sidebar, navigate to the EmpowerID System Settings page by expanding Admin > Miscellaneous and clicking EmpowerID System Settings.
  2. Search for DUO. You should see settings for DUOAPIHostName, DUOIntegrationKey and DUOSecretKey in the grid.
  3. From the grid, click the Edit button for the DUOAPIHostName setting.
  4. In the dialog that appears, enter your DUO API hostname in the Value field and click Save.
  5. Back in the grid, click the Edit button for the DUOIntegrationKey setting.
  6. Enter your DUO integration key in the Value field and click Save.
  7. Next, click the Edit button for the DUOSecretKey setting.
  8. Enter your DUO secret key in the Value field and click Save.
  9. Each DUO setting should now be populated with the corresponding values for your DUO account.

    Now that you have registered your DUO account in EmpowerID, the next step to using it for MFA in EmpowerID is to add it as a MFA type to one or more Password Manager policies and SSO applications. For directions on how to do so, see Assigning MFA Types to Password Manager Policies and Assigning MFA Types to Applications.