This guide explains how to enable your Duo users to authenticate on Cmd-enabled servers.
 
Prerequisites

  • Each user's Cmd account email address must also be set as an alias for that user in Duo.
  • Before an integration can be added to a project, a global admin must enable it.
  • After that, a manager or admin can add the integration to a project.



Step one: Configure Duo

  1. Log into the Duo portal.

  2. Select Applications from the left-hand menu.

  3. Click Protect an Application in the top-right corner.

  4. Search for the integration called 'Auth API' and click Protect this application.

  5. Next, take note of the information shown in the 'Details' section. You'll need it to complete the integration in the Cmd web app.

  6. Go to the bottom and click Save.
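
Before entering the 'Details' values in Cmd, you can confirm that they are valid by sending a signed request to Duo's Auth API `/auth/v2/check` endpoint. The script below is an added example, not part of the original guide or of Cmd's or Duo's own code; the environment variable names `DUO_HOST`, `DUO_IKEY`, and `DUO_SKEY` are assumptions, and the secret key is read from the environment so it stays out of shell history.

```python
# Added example: validate Duo Auth API credentials before configuring Cmd.
import base64, email.utils, hashlib, hmac, json, os
import urllib.error, urllib.parse, urllib.request


def canonical_request(date, method, host, path, params):
    """Build the newline-joined string that the Auth API expects to be signed."""
    args = "&".join(
        f"{urllib.parse.quote(k, '~')}={urllib.parse.quote(str(params[k]), '~')}"
        for k in sorted(params)
    )
    return "\n".join([date, method.upper(), host.lower(), path, args])


def sign_request(method, host, path, params, ikey, skey, date=None):
    """Return the Date and Authorization headers for one Auth API call."""
    date = date or email.utils.formatdate()  # RFC 2822 date, also sent as a header
    canon = canonical_request(date, method, host, path, params)
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    token = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {token}"}


def check_credentials(host, ikey, skey, timeout=10):
    """GET /auth/v2/check and return the parsed JSON body.

    A valid key pair yields "stat": "OK"; a wrong key or bad signature
    yields "stat": "FAIL" with an error code and message.
    """
    path = "/auth/v2/check"
    headers = sign_request("GET", host, path, {}, ikey, skey)
    req = urllib.request.Request(f"https://{host}{path}", headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # Duo returns a JSON error body on 4xx responses


if __name__ == "__main__":
    # Assumed variable names; DUO_HOST is the bare API hostname (no https://).
    result = check_credentials(
        os.environ["DUO_HOST"], os.environ["DUO_IKEY"], os.environ["DUO_SKEY"]
    )
    print(result.get("stat"), result.get("message", ""))
```

A `FAIL` result with a correct key pair usually points to clock drift on the machine running the check, because the signed `Date` value must be close to Duo's server time.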

  

Step two: Configure Cmd

  1. Log into the Cmd web app.

  2. Confirm that you are adding the integration to the correct project by reviewing the name of the current project in the top-right corner of the page. Click it to open the drop-down list.
    Note: Need to switch projects? Click the name of the current project, then select a different project from the drop-down list.

  3. Select Project & app settings from the drop-down list.

  4. Select Integration preferences from the left-hand menu.

  5. Select Duo Security.

  6. Add the API URL, integration key, and secret key from Duo.

  7. Click Save.


Step three: Enable Duo for 2FA

Once your Duo integration is configured, you can enable Duo as a 2FA option for your Cmd project.

  1. Click your project name in the top-right corner to open the drop-down menu.

  2. Click Project and app settings.

  3. Select Agent from the menu on the left.

  4. Scroll down to the '2-factor authentication options' section.

  5. Check the box next to 'Duo'.

Step four: Create a trigger for testing

For instructions on adding a trigger that prompts your users for 2FA, see Adding new triggers.

  

Related resources

To learn more about third-party integrations, including other SSO providers, see:
Our integrations overview

 
