Set up multifactor authentication with Duo
ENVIRONMENT: Datto Partner Portal
This article describes how to set up multifactor authentication (MFA) for the Datto Partner Portal using Duo MFA.
Duo is a multifactor authentication application with a wide variety of authentication methods that make it easy for every user to securely and quickly log in. Duo Push, sent by the Duo Mobile authentication app, lets users approve push notifications to verify their identity.
Prerequisites to use Duo push notifications
- You must have a Duo account to receive push notifications. To set up a free Duo account, send a request email stating you are a Datto partner to msp@duo.com.
- Only Security Administrators can configure company-wide Duo MFA in the Datto Partner Portal.
- End users cannot configure Duo push notifications if multiple portal accounts are associated with the user's email address. These users must manually enter their 6-digit security code from the Duo application.
Initial setup steps for Security Admins
This process assumes your company is new to Duo. If you already use Duo, check your alias setup after creating your username to ensure your username is associated with your existing account, instead of being created as a new username.
A user from your company who is assigned the role of Security Admin must complete the initial Duo setup.
1. Click the Admin tab, then select Security Settings from the drop-down menu. Only users with the role of Security Admin will be able to see the Security Settings page.
2. In the TWO-FACTOR AUTHENTICATION section of the Security Settings page, click SET UP COMPANY MFA.
Figure 2: Multifactor Authentication setup on the Security Settings page
3. On the MFA SET UP screen, select Duo, then click NEXT.
The Setup screen will show three fields, into which you will enter the appropriate information the Duo Web Application provides.
1. In another browser tab, log into Duo.
Figure 5: The Duo login screen
2. In the Duo Dashboard, select Applications in the left-hand navigation bar, then select Protect an Application from the drop-down menu.
3. In the search bar, search for 'Web SDK,' then click the Protect button.
Figure 7: The application selector
4. Copy the information within the following fields into the corresponding fields in the partner portal, as shown in Figure 4:
- Integration key
- Secret key
- API hostname
For more information on these fields, click the link for Duo Web SDK documentation.
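Added example, not part of the Datto or Duo documentation: a local pre-check for the three values copied in step 4, which catches swapped keys, stray whitespace and a pasted URL before they are saved in the portal. The field shapes (20-character uppercase integration key, 40-character secret key, api-XXXXXXXX.duosecurity.com hostname) and the function name are assumptions based on Duo's published SDKs.

```python
import re

# Assumed shapes (not stated on this page): 20-char uppercase/digit integration
# key, 40-char secret key, hostname of the form api-XXXXXXXX.duosecurity.com.
IKEY_RE = re.compile(r"[A-Z0-9]{20}")
SKEY_RE = re.compile(r"\S{40}")
HOST_RE = re.compile(r"api-[0-9a-z]{8}\.duosecurity\.com")


def check_duo_fields(integration_key, secret_key, api_hostname):
    """Return a list of problems; an empty list means all three shapes look right.

    Messages never contain the secret key itself, so the result is safe to log.
    """
    problems = []
    fields = {
        "Integration key": integration_key,
        "Secret key": secret_key,
        "API hostname": api_hostname,
    }
    for name, value in fields.items():
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace from copy/paste")
    ikey, skey, host = (v.strip() for v in fields.values())

    # A 20-char value in the secret field plus a 40-char value in the
    # integration field almost always means the two were pasted the wrong way round.
    if IKEY_RE.fullmatch(skey) and SKEY_RE.fullmatch(ikey):
        problems.append("Integration key and Secret key appear to be swapped")
    else:
        if not IKEY_RE.fullmatch(ikey):
            problems.append(f"Integration key: not a 20-character key (length {len(ikey)})")
        if not SKEY_RE.fullmatch(skey):
            problems.append(f"Secret key: not a 40-character key (length {len(skey)})")

    if "://" in host or "/" in host:
        problems.append("API hostname: paste the bare hostname, not a URL")
    elif not HOST_RE.fullmatch(host.lower()):
        problems.append("API hostname: does not look like api-XXXXXXXX.duosecurity.com")
    return problems


# Constructed sample values for illustration only (not real credentials).
SAMPLE_IKEY = "DI" + "A1B2C3D4E5F6G7H8J9"
SAMPLE_SKEY = "s" * 40
SAMPLE_HOST = "api-1a2b3c4d.duosecurity.com"
```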
Duo mobile device setup steps for users
1. Install the Duo app from either the Apple App Store or Google Play Store.
Figure 9: Duo Mobile in the Google Play Store
2. On the Duo Mobile welcome screen, click Get Started. Accept any permission requests.
3. In your business email account, open the email from Duo Security titled Duo Security Enrollment, then click the enrollment link within the email.
1. Log into the Datto Partner Portal. The system will prompt you to authenticate your login through your current third-party MFA application, if applicable.
Figure 10: The Datto Partner Portal login screen
2. The Duo setup dialog box will appear. Click the Start setup button to begin.
Figure 11: The Duo setup dialog box
3. Specify the type of mobile device you will use to authenticate your login requests.
Figure 12: Device type selection
4. Enter your mobile telephone number.
Figure 13: Mobile phone number entry
5. Select your phone's operating system type (iPhone, Android, Windows Phone, or other).
6. On your computer, click the I have Duo Mobile installed button.
Figure 15: Duo enrollment, app install confirmation
7. Open the Duo Mobile app on your mobile device, then scan the QR code on your computer screen.
Figure 16: Duo enrollment, QR code
Verifying MFA enablement
In the Datto Partner Portal, click your username in the upper right-hand corner of the screen, then select User Settings from the drop-down menu.
Figure 17: Partner Portal User Settings
The Multifactor Authentication card will show a SECURED badge.
Figure 18: The Multifactor Authentication card in User Settings
Removing Organization MFA using Duo
1. In the Datto Partner Portal, click the Admin tab, then select Security Settings from the drop-down menu. Only users with the role of Security Admin will be able to see the Security Settings page.
2. In the Multifactor Authentication card on the Security Settings page, click RESET COMPANY MFA.
Figure 19: The Multifactor Authentication card in Security Settings
3. Click CONFIRM.
Figure 20: The CONFIRM link on the Reset Multifactor Authentication screen
Figure 21: The DONE link on the Reset Multifactor Authentication screen
The system will send an email to all affected users acknowledging that Duo has been removed for organizational MFA.
Figure 22: The Removal acknowledgment email
4. The system will send a temporary one-time passcode to your email upon your next login. If you do not receive the token, click the Email link to receive a new one.
Figure 23: The Resend Token link
5. Click your account name and select User Settings from the drop-down menu.
Figure 24: The Users menu in the Datto Partner Portal
6. Click CONFIGURE.
Figure 25: The Multifactor Authentication card
7. Select the Third Party Authenticator App radio button, then click Enable MFA to configure your multifactor authentication with the third-party authenticator app of your choice.