2FA with Duo

Integrating Duo with Keeper Connection Manager for 2FA/MFA
Keeper Connection Manager provides support for Duo as a second authentication factor, automatically verifying user identity with Duo after the user is initially authenticated.
To set up Duo, see the DUO_* configuration parameters in the keeper/guacamole Docker image.

Generating the application key

The Duo “Web SDK” requires that an arbitrary and random key be generated for each application. This key resides strictly on the side of the application, and is not registered with Duo.
Any random value containing at least 40 characters will suffice. To quickly grab 40 random characters from /dev/random:
$ tr -dc 'a-zA-Z0-9' < /dev/random | head -c40; echo

Docker Environmental Variables

The image keeper/guacamole can be modified to support Duo using environmental variables. See the DUO_* variables defined in the documentation.