# Duo Two-Factor Authentication Configuration Properties {% hint style="info" %} The properties listed here are only applicable if Duo two-factor authentication is being used. Support for Duo two-factor authentication is[ installed using the kcm`-guacamole-auth-duo` package](https://docs.keeper.io/en/keeper-connection-manager/authentication/using-duo-for-multi-factor-authentication) or enabled with the Docker installation. If using[ the keeper/guacamole Docker image](https://docs.keeper.io/en/keeper-connection-manager/installation/docker-compose-install/keeper-guacamole), support for Duo two-factor authentication is configured using environment variables. {% endhint %} ### Duo application integration details The API hostname, integration key, and secret key are provided for you by Duo when you registered Guacamole within Duo's "Admin" panel. Each of these values is required and is generated by Duo. | Property name | Description | | --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `duo-api-hostname` | The hostname of the Duo API endpoint to be used to verify user identities, generated by Duo when you registered Guacamole within Duo's "Admin" panel. This value can be found within the application details in the "API hostname" field. | | `duo-integration-key` | The integration key provided for Guacamole by Duo when you registered Guacamole within Duo's "Admin" panel. This value can be found within the application details in the "Integration key" field. | | `duo-secret-key` | The secret key provided for Guacamole by Duo when you registered Guacamole within Duo's "Admin" panel. This value can be found within the application details in the "Secret key" field. | ### Duo application key An arbitrary and random key must be provided for communicating with the Duo service. **This key MUST be manually generated and MUST BE AT LEAST 40 CHARACTERS.** | Property name | Description | | --------------------- | ------------------------------------------------------------------------- | | `duo-application-key` | The arbitrary, random key to use when communicating with the Duo service. | Any random value containing at least 40 characters will suffice. To quickly grab 40 random characters from `/dev/random`: ``` $ tr -dc 'a-zA-Z0-9' < /dev/random | head -c40; echo xqZKJODwg7ouwxdqU9hvuaWhE6lQFspijY0ofg8I $ ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/en/keeper-connection-manager/advanced-configuration/guacamole.properties/duo-two-factor-authentication-configuration-properties.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.