Skip navigation
Duo Blog
Admin Login
Documentation

Duo Identity Security

Last Updated: May 6th, 2024

Contents

Related

Duo Identity Security provides you with insights, signals, and remediation features across your multi-vendor identity environment.

Duo Identity Security is an Early Access feature.

Overview

Duo Identity Security combines Duo’s strong attack mitigation and remediation capabilities enabled by Trust Monitor, Risk-Based Authentication, and policy enforcement with cross-vendor identity insights powered by Cisco Identity Intelligence.

Cisco Identity Intelligence

Cisco Identity Intelligence is a multi-sourced, vendor-agnostic solution that works across your existing identity stack and brings together authentication and access insights, enabling you to proactively address vulnerabilities and risks in your multi-vendor identity environment.

All Cisco Identity Intelligence features and capabilities are included in Duo Identity Security for Duo Premier and Duo Advantage customers.

Learn more about Cisco Identity Intelligence.

Requirements

Duo User Data Requirement

If you are using Active Directory Sync or Microsoft Entra ID Sync, Cisco Identity Intelligence will use the source directory's unique identifiers to associate Duo identities with matching identities in other vendors.

If you are not using Active Directory Sync or Microsoft Entra ID Sync, an email address will be required for the username or email field for your Duo users in order for Cisco Identity Intelligence to map Duo user identities to corresponding identities in other data integrations. The email address used in Duo must match an email address in another integrated platform (e.g., Okta, Google Workspace, AWS).

Provision Your Cisco Identity Intelligence Tenant

  1. Log on to the Duo Admin Panel as an administrator with the Owner admin role.

  2. Navigate to MonitoringCisco Identity Intelligence.

  3. Review the information on the "Cisco Identity Intelligence" page. If you agree to the terms, check the box, and then click Submit and start setup.

  4. Type in a unique organization name for your Cisco Identity Intelligence tenant in the Organization name field. Only lowercase letters, numbers, underscores, and dashes may be used. The organization name will be used to identify your tenant for SSO login. Click the Next button.

    Organization Name for Cisco Identity Intelligence Tenant

  5. Duo will automatically provision your Duo integration with Cisco Identity Intelligence to enable your new Cisco Identity Intelligence tools to consume and analyze Duo user and authentication data. Optionally, select the following checkboxes to enable additional permissions:

    • Grant write resource: Allow your Cisco Identity Intelligence application to add, modify, and delete resources, such as users, phones, and hardware tokens. This will enable your team to take remediation actions and send a push notification from within the Cisco Identity Intelligence panel.
    • Enable Event Streaming: This will enable Cisco Identity Intelligence to consume Duo logs near real-time via our Event Streaming bridge. If you leave this box unchecked, Cisco Identity Intelligence will poll Duo’s API for log data once daily.
    Configure Organization for Cisco Identity Intelligence Tenant

  6. Click the Next button.

  7. Next you'll configure an SSO login method for the Cisco Identity Intelligence panel. You can choose Duo SSO or another OIDC provider as your method to authenticate.

  8. To configure sign in with Duo SSO, select the Duo SSO tab. Before configuring you'll first need to enable Duo Single Sign-On for your Duo account and configure a working authentication source.

  9. Type in a connection name into the Duo SSO connection name field. This name will be displayed during SSO login for members of your organization logging into the Cisco Identity Intelligence panel. Click Submit and skip to step 12.

    Configure Duo SSO for Cisco Identity Intelligence

  10. To configure a different OIDC provider, select the OIDC tab. Follow the Cisco Identity Intelligence documentation for Okta SSO or Microsoft Entra ID for further instructions on how to set up SSO.

    OIDC for Microsoft Entra ID

    Currently, the Cisco Identity Intelligence documentation for Microsoft Entra ID SSO includes an option for SAML-based SSO. However, configuration of non-Duo SSO does not yet support SAML-based SSO. If you are configuring Microsoft Entra ID SSO, please follow the OIDC instructions.

  11. Enter in the information needed in the "OIDC" tab and then click Submit.

  12. You can now use your Cisco Identity Intelligence tenant. A Launch Identity Intelligence button will appear on this page that will launch the Cisco Identity Intelligence dashboard from the Duo Admin Panel. Data ingestion and analysis of Duo data will begin automatically. However, you must set up additional available integrations in order to maximize the cross-vendor visibility that Cisco Identity Intelligence provides and to ensure your full identity ecosystem is protected.

Note: If you created a Microsoft Entra ID or Okta SSO integration you must also create a data ingestion integration to enable Cisco Identity Intelligence to create accurate identity context checks.

Depending on how many identities exist in your environment, it can take a few days for all the data in your environment to get fully synchronized in the Cisco Identity Intelligence tenant. Learn more about Cisco Identity Intelligence.

Integrations

Cisco Identity Intelligence can integrate with a number of vendors for data ingestion, ticketing, notifications, and SIEM usage.

You can read more about the integrations and find configuration instructions by following the links below.

Cisco Identity Intelligence can ingest data from the following sources:

Additionally, integrations are available for notifications, ticketing and SIEMs:

Troubleshooting

Need some help? Take a look at our Knowledge Base articles or Community discussions. For further assistance, contact Support.