Two Factor Authentication (2FA) using Duo Security

What is Duo Security?

Duo Security 2FA

Duo Security provides two-factor authentication solution for any application that requires it. You can use Duo security to add 2FA to your Watch My Domains SED installation. Your users will have to use their phone to complete their authentication after the normal user credentials are entered.

How to Enable Duo 2FA for Watch My Domains SED

  • Sign up for a Duo account. Duo has a free plan that supports up to 10 users. You will also receive 100 free telephony credits. You will need to purchase additional credits after it runs out.
  • Log in to the Duo Admin Panel and navigate to Applications.
  • Click 'Protect an Application' and locate 'Web SDK' in the applications list. Click 'Protect this Application' to get your integration key, secret key, and API hostname. See Getting Started at Duo for help.
  • Create users and enrol them. Please see Enrolling Users. You should enrol all your users who have corresponding accounts for accessing Watch My Domains SED, this includes your own SED administration account.
  • Copy the custom.login.duo-sample.php script in lib/php/custom folder to custom.login.php in the root folder of Watch My Domains SED. Open it in any text editor and specify a random duo_application_key. It should be minimum 40 characters long and kept a secret.
  • Specify the two key values plus the duo_host_name you obtained in step 3 in the custom.login.php file. Please see below for an example.
  • Two factor authentication should be enabled now.
   $duo_application_key = "CREATEYOUROWNSECRETKEYHEREANDKEEPITSECRET";
   
   # Get these three from the Duo Security admin panel for the Application.
   
   $duo_integration_key = "PINLI4R48UJWVY1GMSV3C";
   $duo_secret_key      = "P643zEztc8uDZtjZQ8QsTuEOQQtkWOaUkXNpIOxD";
   $duo_host_name       = "api-ef2c4ab3.duosecurity.com";