Skip to main content

Has anyone setup up multi factor authentication using DUO?

Any information you could provide would be appreciated.

@RyanLe, Congrats!

We do not have Azure yet. Still working with on-premise AD. I will see if we can get something going to get to Azure and possibly use your notes.

Thanks!


Hey Everyone,

I found a way to do this.  We did this with Azure AD sync to Acumatica and DUO with Azure AD with the Universal prompt.

So lets start with DUO

  • Need to have this already setup - https://duo.com/docs/azure-ca
  • We found this requires extra licensing in O365
    • Azure ad P1 for each user
    • Azure ad P3 for the global admin account to create the CA policies
    • Any Premium or E license comes with the P1
    • **Please review the licensing from MS specifically for your setup
  • Once setup this will protect the user logging into web apps like portal.office.com with duo

Next Acumatica

  • Follow this - https://help-2022r1.acumatica.com/Help?ScreenId=ShowWiki&pageid=68201e8c-05e5-42da-8028-360241a2aefe
  • We want to follow the integration for Azure active directory
  • Register the application in Azure
  • Update the web config
    • make sure the versions of acumatica are supported
    • 2020 R2 Update 18 (20.218.0021)
    • 2021 R1 Update 16 (21.116.0049)
    • 2021 R2 Update 4 (21.204.0055)

  • Then we created an individual group we add people to to be part of the sync

  • we did not create the groups to roles sync as we wanted to keep the acumatica control in the acumatica portal

    • this was our preference

    • So when we add people to this one group in Azure it will sync the account in Acumatica.

  • At this point you should the the AD button below the log in at the log in screen and use that

Lets talk about accounts in acumatica

  • If you have Native accounts and sync from Azure AD the Native account will not be used anymore
    • AD accounts will have to be updated below and native accounts can be removed
  • One Setting we also changed to keep settings in Acumatica is:
    • Log into acu site as admin
    • go to Configuration, users, click the search icon
      • any user that shows source = Active directory
      • click the individual name
      • check the box in the two factor auth section for
        • Override Active Directory Rules with Local Roles
    • This should allow management for roles still from Acumatica window
    • This does have to be done for each user with from the AD sync

Couple of heads up

  • We have noticed this caches a duo prompt so potentially the device will only get prompted the first time
    • this can be fixed by clearing the cache but we don’t force that every time

Disclaimer

  • Just in case, this was a specific setup for our organization and may not work for others
  • we did have issues with the web config file and sync but the articles linked were what we used to troubleshoot and come up with this solution 
  • also please review O365 licensing for your own requirements

Hope this helps,

Ryan


Does anyone have an actual answer to this on how DUO is configured for accumatica?


@shantinannepaga76 

Can you share how you set up DUO to work with Acumatica sign-in?


I used DUO app on my phone for Office 365. It is similar to Authenticator app.


I think @shantinannepaga76 has done this


Hi @KempOdell68 I don’t know the answer to that. We’d need one of our product experts here to chime in.


@Chris Hackett I have not found anything on this.  Is there a way to use DUO instead of the mobile app?


 Hi @dhoffman41 were you able to find an answer to your question? Thank you!


We are looking at this possibility as well.  Anyone using DUO for authentication?

Thanks,

Kemp


Reply