Vault
duo
Create Duo MFA method
This endpoint creates a new MFA method of type Duo.
| Method | Path |
|---|---|
POST | /identity/mfa/method/duo |
Parameters
method_name(string)- The unique name identifier for this MFA method. Supported from Vault 1.13.0.username_format(string)- A template string for mapping Identity names to MFA methods. Values to substitute should be placed in{{}}. For example,"{{identity.entity.name}}". If blank, the Entity's Name field is used as-is.secret_key(string: <required>)- Secret key for Duo.integration_key(string: <required>)- Integration key for Duo.api_hostname(string: <required>)- API hostname for Duo.push_info(string)- Push information for Duo.use_passcode(bool: false)- If true, the user is reminded to use the passcode upon MFA validation.
Sample payload
{
"username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
"secret_key": "BIACEUEAXI20BNWTEYXT",
"integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
"api_hostname": "api-2b5c39f5.duosecurity.com",
"method_name": "ns1_duo"
}
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/duo
Sample response
{
"data": {
"method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b"
}
}
Update Duo MFA method
This endpoint updates the configuration of an MFA method of type Duo.
| Method | Path |
|---|---|
POST | /identity/mfa/method/duo/:method_id |
Parameters
method_id(string: <required>)- UUID of the MFA method.and all of the parameters documented under the preceding "Create" endpoint.
Sample payload
Identical to the preceding "Create" endpoint.
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
Read Duo MFA method
This endpoint queries the MFA configuration of Duo type for a given method ID.
| Method | Path |
|---|---|
GET | /identity/mfa/method/duo/:method_id |
Parameters
id(string: <required>)– UUID of the MFA method.
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
Sample response
{
"data": {
"api_hostname": "api-2b5c39f5.duosecurity.com",
"id": "4194659f-139b-400b-b5dd-86bfb726759d",
"integration_key": "BIACEUEAXI20BNWTEYXT",
"pushinfo": "",
"secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
"type": "duo",
"username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}",
"use_passcode": false
}
}
Delete Duo MFA method
This endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use by a login enforcement.
| Method | Path |
|---|---|
DELETE | /identity/mfa/method/duo/:method_id |
Parameters
method_id(string: <required>)- UUID of the MFA method.
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
List Duo MFA methods
This endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces.
| Method | Path |
|---|---|
LIST | /identity/mfa/method/duo |
Sample request
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/mfa/method/duo
Sample response
{
"data": {
"keys": [
"4194659f-139b-400b-b5dd-86bfb726759d"
]
}
}