This article takes you through configuring your Yurbi server to use Duo Push.
Once you complete this process, you can enable specific users in Yurbi to use Duo Security’s two-factor authentication platform to protect access to Yurbi.
Requirements
- Yurbi Version 11.6 Build 11.22.9.20 or higher is required to enable the Duo Two-Factor Authentication.
- Yurbi will communicate with the Cisco Duo server on TCP port 443. Outbound firewall access from the Yurbi server on TCP port 443 is required.
Steps To Enable Duo Two-Factor Authentication
Log in to the Duo Admin Panel and navigate to Applications.
Click Protect an Application and locate Web SDK in the applications list. Click Protect this Application to get your client id, secret key, and API hostname. You can configure the Duo settings as needed in this section as well.
On the Yurbi server, edit the c:\program files(x86)\yurbi\config\appsettings.config file. Scroll to the bottom of the file and add a space to insert a setting as shown in the image below. Ensure that you maintain the 2 closing lines at the end of the file.
Copy the following configuration setting into the file, updating the capital items with the client id, secret key, and API hostname obtained from Duo in Step 2.
Also replace INSERTYURBIDOMAIN with the full address to your Yurbi login page, ex: http://server/yurbi or if you have applied a SSL and added a public web address, another example: https://www.myserver.com/
<setting>
<key>Duo_Enabled</key>
<value>true</value>
<encrypt>2</encrypt>
</setting>
<setting>
<key>Duo_ClientId</key>
<value>INSERTCLIENTID</value>
<encrypt>2</encrypt>
</setting>
<setting>
<key>Duo_ClientSecret</key>
<value>INSERTSECRETKEY</value>
<encrypt>2</encrypt>
</setting>
<setting>
<key>Duo_ApiHost</key>
<value>INSERTAPIHOST</value>
<encrypt>2</encrypt>
</setting>
<setting>
<key>Duo_Redirect</key>
<value>INSERTYURBIDOMAIN/yurbimidtier/duocallback.aspx</value>
<encrypt>2</encrypt>
</setting>
The integration is complete, you can now enable which users you wish to leverage Duo Two-Factor Authentication.
Log into Yurbi as an administrator and go to Permissions.
Edit the user to whom you wish to enabled Duo Two-Factor Authentication.
Under the setting TWO-FACTOR AUTH expand the dropdown and select duo.
Save the user and the process is complete.
The next time the user logins in, they will get prompted to setup their Duo Client per your Duo application settings. Upon completion of the Duo Client authentication, the user will automatically be logged into Yurbi.
NOTE: Should the user timeout due to inactivity, when they re-login, they will also be required to confirm the Duo 2FA prior to logging back into Yurbi.
Steps To Disable Duo Two-Factor Authentication
- Via permissions, edit the user and select none from the TWO FACTOR AUTH setting dropdown.
- Save the user. The user can now log in without the Duo 2FA requirement.