DUO Admin

This Integration is part of the DUO Admin Pack.

DUO for admins. Access to the Admin API is required to use this integration. This integration was integrated and tested with version 4.4.0 of DUO Admin.

Configure DUO Admin on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for DUO Admin.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | API Hostname | True |
    | Integration Key | True |
    | Secret Key | True |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

duoadmin-get-authentication-logs-by-user

Returns authentication logs associated with a user. Limited to 30 at a time.

Base Command

duoadmin-get-authentication-logs-by-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | The user associated with the logs. | Required |
| from | Fetch logs from this time until now. Possible values are: 10_seconds_ago, 1_minute_ago, 10_minutes_ago, 1_hour_ago, 10_hours_ago, 1_day_ago, 1_week_ago, 1_month_ago, 1_year_ago, 5_years_ago, 10_years_ago. | Required |
| limit | The maximum number of authentication logs to return. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DuoAdmin.UserDetails.auth_logs.result | string | Result of the authentication attempt |
| DuoAdmin.UserDetails.auth_logs.event_type | string | Type of activity logged |
| DuoAdmin.UserDetails.auth_logs.reason | string | Reason for the authentication attempt result |
| DuoAdmin.UserDetails.auth_logs.access_device.ip | string | The GeoIP location of the access device. IP field |
| DuoAdmin.UserDetails.auth_logs.access_device.hostname | string | The GeoIP location of the access device. Hostname field |
| DuoAdmin.UserDetails.auth_logs.access_device.location.city | string | The GeoIP location of the access device. City field |
| DuoAdmin.UserDetails.auth_logs.access_device.location.state | string | The GeoIP location of the access device. State field |
| DuoAdmin.UserDetails.auth_logs.access_device.location.country | string | The GeoIP location of the access device. Country field |
| DuoAdmin.UserDetails.auth_logs.auth_device.ip | string | The GeoIP location of the authentication device. IP field |
| DuoAdmin.UserDetails.auth_logs.auth_device.hostname | string | The GeoIP location of the authentication device. Hostname field |
| DuoAdmin.UserDetails.auth_logs.auth_device.location.city | string | The GeoIP location of the authentication device. City field |
| DuoAdmin.UserDetails.auth_logs.auth_device.location.state | string | The GeoIP location of the authentication device. State field |
| DuoAdmin.UserDetails.auth_logs.auth_device.location.country | string | The GeoIP location of the authentication device. Country field |
| DuoAdmin.UserDetails.auth_logs.timestamp | date | Timestamp of the event |
| DuoAdmin.UserDetails.auth_logs.application.name | string | Name of the application accessed |
| DuoAdmin.UserDetails.auth_logs.factor | string | The authentication factor |
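
An added example (not part of the integration or its documentation) showing one way to triage the list this command writes to DuoAdmin.UserDetails.auth_logs: it counts results, collects access-device countries, and flags an approval that follows a burst of non-success attempts. The function names, the thresholds, the epoch-second timestamps and the result strings in the sample are assumptions; check them against a real response before relying on them.

```python
from collections import Counter

# Constructed sample shaped like DuoAdmin.UserDetails.auth_logs. All values are
# invented; epoch-second timestamps and the result strings are assumptions.
def _log(ts, result, ip, country):
    return {"timestamp": ts, "result": result, "factor": "Duo Push",
            "application": {"name": "VPN"},
            "access_device": {"ip": ip, "location": {"country": country}}}

SAMPLE_AUTH_LOGS = [
    _log(100, "SUCCESS", "192.0.2.10", "US"),
    _log(1000, "FAILURE", "198.51.100.7", "NL"),
    _log(1060, "FAILURE", "198.51.100.7", "NL"),
    _log(1120, "FAILURE", "198.51.100.7", "NL"),
    _log(1180, "SUCCESS", "198.51.100.7", "NL"),
    _log(5000, "FAILURE", "192.0.2.10", "US"),
    _log(5030, "SUCCESS", "192.0.2.10", "US"),
]

def _dig(entry, *path):
    """Walk nested dicts; return None when any level is missing or not a dict."""
    for key in path:
        if not isinstance(entry, dict):
            return None
        entry = entry.get(key)
    return entry

def triage_auth_logs(auth_logs, burst=3, window=600):
    """Summarise one user's auth_logs; flag approvals that follow a denial burst."""
    logs = sorted(auth_logs, key=lambda e: e["timestamp"])
    results = Counter(str(e.get("result", "")).lower() for e in logs)
    countries = {_dig(e, "access_device", "location", "country") for e in logs}
    findings, streak = [], []
    for e in logs:
        if str(e.get("result", "")).lower() != "success":
            streak.append(e)  # still inside a run of non-success events
            continue
        recent = [f for f in streak if e["timestamp"] - f["timestamp"] <= window]
        if len(recent) >= burst:
            findings.append({"timestamp": e["timestamp"], "denials": len(recent),
                             "ip": _dig(e, "access_device", "ip"),
                             "application": _dig(e, "application", "name")})
        streak = []  # a success ends the run
    return {"results": dict(results),
            "countries": sorted(c for c in countries if c),
            "approved_after_denials": findings}

if __name__ == "__main__":
    print(triage_auth_logs(SAMPLE_AUTH_LOGS))
```

A flagged entry is a lead for review (for example, repeated push prompts that were eventually approved), not proof of compromise.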

duoadmin-dissociate-device-from-user

Dissociates a device from a user.

Base Command

duoadmin-dissociate-device-from-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | User to dissociate a device from. | Required |
| device_id | The device ID to dissociate. | Required |

Context Output

There is no context output for this command.

duoadmin-delete-u2f-token

Deletes a U2F token.

Base Command

duoadmin-delete-u2f-token

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| token_id | The ID of the token to delete. | Required |

Context Output

There is no context output for this command.

duoadmin-get-users

Return usernames and their user id

Base Command

duoadmin-get-users

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DuoAdmin.UserDetails.username | string | Username |
| DuoAdmin.UserDetails.user_id | string | User Id |
| DuoAdmin.UserDetails.status | string | Status |
| DuoAdmin.UserDetails.is_enrolled | boolean | is_enrolled |
| DuoAdmin.UserDetails.last_login | date | Last_login |
| DuoAdmin.UserDetails.realname | string | Real Name |
| DuoAdmin.UserDetails.email | string | Email |
| DuoAdmin.UserDetails.phones | unknown | Phone numbers |

duoadmin-get-devices-by-user

Return devices associated with a user

Base Command

duoadmin-get-devices-by-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | Username. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DuoAdmin.UserDetails.phones.phone_id | string | Device Id |
| DuoAdmin.UserDetails.phones.number | string | Device number |
| DuoAdmin.UserDetails.phones.platform | string | Device platform |
| DuoAdmin.UserDetails.phones.last_seen | date | Last time the device was used |

duoadmin-get-u2f-tokens-by-user

Returns a list of U2F tokens associated with the given username.

Base Command

duoadmin-get-u2f-tokens-by-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | Username. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DuoAdmin.UserDetails.u2ftokens | Unknown | The list of tokens |

duoadmin-get-devices

Returns all existing devices

Base Command

duoadmin-get-devices

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DuoAdmin.Phones.phone_id | Unknown | Device Id |
| DuoAdmin.Phones.number | Unknown | Device number |
| DuoAdmin.Phones.platform | Unknown | Device platform |
| DuoAdmin.Phones.last_seen | Unknown | Last time the device was used |
| DuoAdmin.Phones.users | Unknown | Users associated with this device |

duoadmin-associate-device-to-user

Associates a device to a user

Base Command

duoadmin-associate-device-to-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | Username. | Required |
| device_id | Device Id. | Required |

Context Output

There is no context output for this command.

duoadmin-get-admins

Returns administrator accounts

Base Command

duoadmin-get-admins

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DuoAdmin.UserDetails.admin_id | string | Admin_id |
| DuoAdmin.UserDetails.admin_units | unknown | Admin Units |
| DuoAdmin.UserDetails.created | date | Created |
| DuoAdmin.UserDetails.email | string | Email |
| DuoAdmin.UserDetails.last_login | date | Last Login |
| DuoAdmin.UserDetails.name | string | Name |
| DuoAdmin.UserDetails.phone | unknown | Phone |
| DuoAdmin.UserDetails.role | string | Admin Role |
| DuoAdmin.UserDetails.status | string | Admin Status |

duoadmin-get-bypass-codes

Retrieves the information from the bypass code table

Base Command

duoadmin-get-bypass-codes

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DuoAdmin.UserDetails.bypass_code_id | unknown | Bypass Code Id |
| DuoAdmin.UserDetails.admin_email | string | Admin Email |
| DuoAdmin.UserDetails.created | date | Bypass Created |
| DuoAdmin.UserDetails.expiration | unknown | Bypass Expiration |
| DuoAdmin.UserDetails.reuse_count | unknown | Bypass Reuse Count |
| DuoAdmin.UserDetails.user.username | unknown | Username |
| DuoAdmin.UserDetails.user.created | unknown | Created |
| DuoAdmin.UserDetails.user.email | unknown | Email |
| DuoAdmin.UserDetails.user.last_login | unknown | Last Login |
| DuoAdmin.UserDetails.user.status | unknown | Status |
| DuoAdmin.UserDetails.user.user_id | unknown | User Id |

duoadmin-modify-admin

Modify the administrator user.

Base Command

duoadmin-modify-admin

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| admin_id | The id of the admin. | Required |
| name | The name of the admin. | Optional |
| phone | The phone number of the admin. | Optional |
| password | The password of the admin. | Optional |
| password_change_required | A flag to determine if the password should change. Possible values are: false, true. Default is false. | Optional |

Context Output

There is no context output for this command.

duoadmin-modify-user

Modify the user account.

Base Command

duoadmin-modify-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user_id | The user id of the user. | Required |
| user_name | The user name of the user. | Optional |
| realname | The real name of the user. | Optional |
| status | The status of the user. Possible values are: active, disabled. | Optional |
| notes | Notes for the user. | Optional |
| email | The email of the user. | Optional |
| first_name | The first name of the user. | Optional |
| last_name | The last name of the user. | Optional |
| alias1 | The first alias of the user. | Optional |
| alias2 | The second alias of the user. | Optional |
| alias3 | The third alias of the user. | Optional |
| alias4 | The fourth alias of the user. | Optional |
| aliases | The aliases list of the user. | Optional |

Context Output

There is no context output for this command.