Duo Universal Prompt node

The Duo Universal Prompt node integrates with the Duo service to provide two-factor authentication using Duo’s Universal Prompt authentication interface. You can integrate Universal Prompt with your web applications using the Duo Web v4 SDK.

The Duo Universal Prompt node redirects the user to the Duo service, where they complete their registration or authentication; and return to the journey.

Compatibility

Product	Compatible?
PingOne Advanced Identity Cloud	Yes
ForgeRock Access Management (self-managed)	Yes
ForgeRock Identity Platform (self-managed)	Yes

Product

Compatible?

PingOne Advanced Identity Cloud

Yes

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

Inputs

This node requires the following inbound data:

Description	Attribute name	Source
Username	username	Shared state

Description

Attribute name

Source

Username

username

Shared state

Dependencies

To use this node, you should have already set up Advanced Identity Cloud integration with the Duo authentication service. Refer to Duo node (Deprecated).

Configuration

The configurable properties for this node are:

Property Usage

Property	Usage
Client ID	The client’s ID on Duo.
Client Secret	The client’s secret on Duo.
API Hostname	The Duo API host name.
Failure Mode When Duo is Down	When Duo health check fails, two-factor authentication is not performed and this property is used to determine the outcome from the node: If set to `OPEN`, the node proceeds to the True outcome. If set to `CLOSED`, the node proceeds to the False outcome.
OpenAM Callback URL	The Advanced Identity Cloud callback URL to return and resume the journey.

Client ID

The client’s ID on Duo.

Client Secret

The client’s secret on Duo.

API Hostname

The Duo API host name.

Failure Mode When Duo is Down

When Duo health check fails, two-factor authentication is not performed and this property is used to determine the outcome from the node:

If set to OPEN, the node proceeds to the True outcome.
If set to CLOSED, the node proceeds to the False outcome.

OpenAM Callback URL

The Advanced Identity Cloud callback URL to return and resume the journey.

Outputs

In case of an Error outcome, the error message is output to the shared state.

Outcomes

True: Duo authentication is successful.
False: Duo authentication failed.
Error: Any error that occurred while authenticating. An error message is output to the shared state.

Troubleshooting

If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.

Example

This example journey highlights the use of the Duo Universal Prompt node. In this case, the Duo Universal Prompt node redirects the user to the Duo service to complete their Duo registration or authentication. Upon completion of registration or authentication, the user returns to the node and continues the journey.