Skip to main content

Has anyone setup up multi factor authentication using DUO?

Any information you could provide would be appreciated.

We are looking at this possibility as well.  Anyone using DUO for authentication?

Thanks,

Kemp


 Hi @dhoffman41 were you able to find an answer to your question? Thank you!


@Chris Hackett I have not found anything on this.  Is there a way to use DUO instead of the mobile app?


Hi @KempOdell68 I don’t know the answer to that. We’d need one of our product experts here to chime in.


I think @shantinannepaga76 has done this


I used DUO app on my phone for Office 365. It is similar to Authenticator app.


@shantinannepaga76 

Can you share how you set up DUO to work with Acumatica sign-in?


Does anyone have an actual answer to this on how DUO is configured for accumatica?


Hey Everyone,

I found a way to do this.  We did this with Azure AD sync to Acumatica and DUO with Azure AD with the Universal prompt.

So lets start with DUO

  • Need to have this already setup - https://duo.com/docs/azure-ca
  • We found this requires extra licensing in O365
    • Azure ad P1 for each user
    • Azure ad P3 for the global admin account to create the CA policies
    • Any Premium or E license comes with the P1
    • **Please review the licensing from MS specifically for your setup
  • Once setup this will protect the user logging into web apps like portal.office.com with duo

Next Acumatica

  • Follow this - https://help-2022r1.acumatica.com/Help?ScreenId=ShowWiki&pageid=68201e8c-05e5-42da-8028-360241a2aefe
  • We want to follow the integration for Azure active directory
  • Register the application in Azure
  • Update the web config
    • make sure the versions of acumatica are supported
    • 2020 R2 Update 18 (20.218.0021)
    • 2021 R1 Update 16 (21.116.0049)
    • 2021 R2 Update 4 (21.204.0055)

  • Then we created an individual group we add people to to be part of the sync

  • we did not create the groups to roles sync as we wanted to keep the acumatica control in the acumatica portal

    • this was our preference

    • So when we add people to this one group in Azure it will sync the account in Acumatica.

  • At this point you should the the AD button below the log in at the log in screen and use that

Lets talk about accounts in acumatica

  • If you have Native accounts and sync from Azure AD the Native account will not be used anymore
    • AD accounts will have to be updated below and native accounts can be removed
  • One Setting we also changed to keep settings in Acumatica is:
    • Log into acu site as admin
    • go to Configuration, users, click the search icon
      • any user that shows source = Active directory
      • click the individual name
      • check the box in the two factor auth section for
        • Override Active Directory Rules with Local Roles
    • This should allow management for roles still from Acumatica window
    • This does have to be done for each user with from the AD sync

Couple of heads up

  • We have noticed this caches a duo prompt so potentially the device will only get prompted the first time
    • this can be fixed by clearing the cache but we don’t force that every time

Disclaimer

  • Just in case, this was a specific setup for our organization and may not work for others
  • we did have issues with the web config file and sync but the articles linked were what we used to troubleshoot and come up with this solution 
  • also please review O365 licensing for your own requirements

Hope this helps,

Ryan


@RyanLe, Congrats!

We do not have Azure yet. Still working with on-premise AD. I will see if we can get something going to get to Azure and possibly use your notes.

Thanks!


Reply