2FA with Duo

Integrating Duo with Keeper Connection Manager for 2FA/MFA

Keeper Connection Manager provides support for Duo as a second authentication factor, automatically verifying user identity with Duo after the user is initially authenticated.

To set up Duo, see the DUO_* configuration parameters in the keeper/guacamole Docker image.

Docker Environment Variables

The image keeper/guacamole can be modified to support Duo using environment variables. See the DUO_* variables defined in the Duo documentation.

DUO_SECRET_KEY: <from Duo>
DUO_APPLICATION_KEY: <random key that you generate>

Generating the random application key

The Duo “Web SDK” requires that an arbitrary and random key be generated for each application. This key resides strictly on the side of the application, and is not registered with Duo.

Any random value containing at least 40 characters will suffice. To quickly grab 40 random characters from /dev/random:

tr -dc 'a-zA-Z0-9' < /dev/random | head -c40; echo

Last updated