Let Oomnitza be your single source of truth!
You'll get visibility of your Duo Security users as data from Duo Security is automatically transformed into consumable information and actionable insights.
The Duo Security User Load uses the Duo Admin Users API, which returns a paged list of users. For further information, see Duo Admin API: Users.
Connect Oomnitza and Duo Security in minutes
Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:
- Configurable dashboards and list views of key user information
- Configurable reports to share information about users with your colleagues and management
Configurable workflows that you can easily create for:
- Getting a user's last login activity, enabling you to identify accounts that are underutilized or that can be canceled
Before you start
Before you create the user integration, you need to have added your Duo Security credentials to Oomnitza.
You can create two user loads for Duo Security:
- Duo Security Federal Edition User Load
- Duo Security User Load
The integrations are essentially the same, except for the variation in the API request URLs. Specifically, the Duo Security Federal Edition User Load uses the duofederal.com URL for its requests, whereas the Duo Security User Load allows the use of the duosecurity.com or duofederal.com URL for making requests. For information on the API used in both user loads see Duo Admin API: Retrieve Users.
Adding global variables
To save time entering information when you create the integration, you can add your domains as a global variable in Oomnitza.
- Click Configuration>General>Global Settings.
- Click Add new variable(+).
- Depending on which user integration you choose, add the following variable as the key Duo Federal.Duo Api Domain or Duo Security.Duo Api Domain.
- For the Duo Federal key, you must supply the hex value of your Duo Security Federal subdomain. For example, if your URL is
https://123.duofederal.comyou need to supply
123. For the Duo Security key, you need to supply the hex value of your Duo Security subdomain and the domain, for example,
123.duofederal. For example, if your URL is
https://123.duosecurity.comyou need to supply
- Save your changes.
Creating the user integration
- In Oomnitza, click Configuration>Integrations>Overview.
- Click Block view .
- On the Integrations page, scroll down to the Extended section for user integrations.
- Click NEW INTEGRATION.
- Search for the integration in the sidebar.
- Click ADD.
Before you start
More information is provided about the following fields to help you complete the integration:
Integration preferences: By default, the option Create & Update is selected, which allows for editing existing user records and adding new ones. If your goal is only to edit existing user records, choose Update Only. On the other hand, if you only want to add new records, select Create Only.
User selection: Select User only to create user records and add them to the People object. Select User plus SaaS User to create and add user records to the Software > SaaS object. Once your users are created in the SaaS menu, you can create SaaS user workflows to validate the existence of a given user in a SaaS system and to pull role information from your SaaS System. For steps see Creating SaaS user workflows.
When you select User plus SaaS User and you have multiple instances of the same SaaS, you can choose your SaaS instance from the dropdown. If you have a single instance of the SaaS, your instance is already detected by the system.
To review or update the integrations details, click Edit :
- Update the integration name if necessary.
- From the User Selection list, select an option.
- For installation type decide whether you want to store the credentials locally or in Oomnitza:
- Select Local if you want to store credentials locally.This mode does not support OAuth or AWS.
- Select Cloud if you want to store credentials in your Oomnitza instance.
- For integration preferences, select an option.
- Enter the name of the integration user.
Choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials
By default, user data is streamed to Oomnitza once every day.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Click Edit .
- Configure your schedule.
- Click Update.
To map the fields to Oomnitza, click Edit :.
Creating custom mappings
Map the Duo Security fields to Oomnitza fields and create custom mappings to get the user information that you need.
Complete these actions:
- Click Smart Mapping to automatically detect appropriate mapping fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
- Map other fields or create custom mappings to map any other field that you want to add to Oomnitza. To create an optional custom mapping, do the following:
- Click the down arrow on the field that you want to map.
- Select Add new Oomnitza users field.
- Change the name of the field.
- Click CREATE.
- Ensure that the Email is mapped to the Email field on the Oomnitza side (required for integration).
- Ensure that the Username is mapped to the Username field on the Oomnitza side (required for integration).
- Select the Role field on the Oomnitza mapping side.
- Choose a suitable role from the list (a defined role is necessary for the integration)
- Assign a sync key to a unique field, such as the Email.
- Click UPDATE.
Duo Security User Load mappings
Last Directory Sync
Duo Security Federal Edition User Load mappings
Last Directory Sync
Did you know?
You can define rules for your integration by selecting Edit integration on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.
You can add new fields to your integration by selecting Add new field on the mapping page. All you need to do is specify the property name. See Creating custom API fields.
Launching the integration
Your integration is in Draft mode until all the required mandatory fields are added. Once you have added all of the required fields, select Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, refer to Running an extended integration
If you selected Local as the installation type when creating the integration, refer to Running an extended integration locally.
Getting your results
To view the information that is collected about your assets, click Assets. To view the information about software, click the Software tab.
To view the information that is collected about your users, click People. If you selected User plus SaaS User when running the user integration, you can also find a list of users in the Software > SaaS menu
Unleash the power of Oomnitza
To get valuable actionable insights that help you manage your assets, learn how to:
- Configure dashboards for your users and software
- Configure custom reports about your users and software
- Create workflows to automate tasks
See Getting started for more information.