Duo Security Integration with 2FA for Enterprises | FileCloud

February 27, 2018

  You’ve probably been investigating 2-Factor Authentication (2FA) more recently. With each new data breach in the news, you increasingly realize that security doesn’t end with strong passwords. Two Factor Authentication,  also known as 2FA,  is a two-step verification method that requires a username/password and the second method of verification. Duo is a cloud-based SaaS service […]

 

You’ve probably been investigating 2-Factor Authentication (2FA) more recently. With each new data breach in the news, you increasingly realize that security doesn’t end with strong passwords.

Two Factor Authentication,  also known as 2FA,  is a two-step verification method that requires a username/password and the second method of verification. Duo is a cloud-based SaaS service that can authorize 2FA across any organization. Duo simplifies the management of end users and their 2FA devices. This support allows FileCloud 2FA management via DUO for clients who already use DUO to manage their other enterprise applications.

FileCloud is trusted by 1,000s of organizations to store critical files and data. Since FileCloud deals with mission-critical business data, we consider security as the most important vector. FileCloud already offers 2FA through Google and mail authentication. With our new version of FileCloud, you can integrate with Duo to offer 2FA and enhance the security when users access FileCloud.  Duo adds an extra layer of protection to your FileCloud account.  Once enabled, FileCloud will require a passcode in addition to your user id/password whenever you log in to FileCloud.

What is 2FA?

2FA adds an extra layer of protection to user logins by combining the use of “something you know” (your login credentials and password) and “something you possess” (One Time Passcode).  Many consumer emails and online banking applications now incorporate this additional layer of account security. For most applications using 2FA, it is most common for users to retrieve a passcode from their cell phone, smartphone,  or another smart device in order to access their account.

While SSO is convenient for users, it presents new security challenges. If a user's primary password is compromised, attackers may be able to gain access to multiple resources. In addition, as sensitive information makes its way to cloud-hosted services, it is even more important to secure access by implementing two-factor authentication.

Are text-based 2FAs enough?

The problem with 2FA is that often a distinction isn’t made between SMS-based 2FA, which sends a code to the user via text, and 2FA that requires a user to respond to a push verification sent to a specific physical device.

Text-based 2FA spreads out the potential attack surface. Instead of a code being sent to one place — like a purpose-built smartphone app or a separate authenticator device — it’s distributed throughout a set of services that might have their own vulnerabilities. A true two-factor authentication, the good kind, sends a verification prompt to one place: the device you’re holding in your hand.

Duo Security and how it works with FileCloud

We know that the most effective security solution is one your users actually use. Duo is an industry leader that provides users with multiple options to gain access to their account using 2FA. Duo’s 2FA solution only requires our users to carry one device - their phone, with the Duo Mobile app, installed. Duo Mobile is available for iPhones, Androids and more. Duo makes it very simple to protect many different apps due to their Auth API – as long as the apps support Duo. Once you have an Enterprise Plan of Duo, you can protect any sign-in process of on-premises and cloud apps.

FileCloud can be set up to use Duo security service to perform 2FA. After integrating Duo with FileCloud, users will need to install Duo app on their smart device which will provide them with the passcode. Users will, therefore, require using their ID, password and the passcode generated to log in to their FileCloud account. With this added security, your employees can collaborate and store files in this encrypted cloud drive, share data securely within the network or with outsiders, and much more. With the additional Duo 2FA enabled, your business data is protected at the highest possible security level with FileCloud.

Here's how you can integrate Duo with FileCloud

Integrate Duo with FileCloud
Integrate Duo with FileCloud
  1. Add Duo Auth API

Get integration key, secret key, and API hostname using Duo here

Enter the information Admin Portal→ Settings→ Misc→Duo Security Tab under Auth API Security Settings and save.

Add Duo Auth API
Add Duo Auth API
  1. ADD Duo Admin API

Follow instructions to get the integration key, secret key, and API hostname

Ensure it has the "Grant read resource" permission

Enter the information Admin Portal → Settings→ Misc→Duo Security Tab under Admin API Security Settings and save

Duo Security
Duo Security

 

  1. Open the Policies tab and select the policy (select the Global policy if 2FA needs to be default)
  2. Open the 2FA tab of the Policy
  3. Select "YES" to Enable Two Factor Authentication
  4. Select "Duo Security" for Two Factor Authentication Mechanism and save the policy
Duo Security for Two Factor Authentication
Duo Security for Two Factor Authentication

When users want to log into the VPN, it receives a request. The VPN communicates with Duo, which sends a request to the mobile device of the user – the second factor. When the user confirms on the second device, Duo communicates back to the VPN and only then the user is allowed access the network.

To know more about this feature and to learn how to integrate that with your FileCloud account, Click here

By Team FileCloud