This site requires JavaScript to be enabled
External Customer KB > General > Enabling Duo Security as an Authentication Factor
Enabling Duo Security as an Authentication Factor
Article: KB0010621 Published: 11/07/2023 Last modified: 11/07/2023

You can configure OneLogin to enable your users to add Duo Security as an authentication factor for use with multi-factor authentication (MFA). When your administrative configuration is complete, your users will be able to enroll themselves in Duo and register their Duo-enabled device with OneLogin.


This process requires administrative access to a Duo Security account.

This feature requires a OneLogin subscription that includes Multi-Factor Authentication. Speak with your account representative for more information.



  1. In your OneLogin admin portal, create a new authentication factor and choose Duo Security from the Partners category.

    Duo Security
  2. Open your Duo Admin Panel in another tab or window and locate OneLogin in your applications. Copy the following data from Duo to your new auth factor in OneLogin:

    Duo Security value

    OneLogin field

    Client ID

    Integration Key

    Client secret

    Secret Key

    API hostname

    API Hostname

    Duo Security - OneLogin App Information
    OneLogin - Duo Security Auth Factor
  3. For Duo OTP Identifier, select the attribute in OneLogin that represents your users' Duo usernames. For example, if your users sign into Duo with their email addresses, select Email.

  4. Save the new factor and assign it to your users in OneLogin. They can now configure Duo Security as one of their authentication factors and use it to access OneLogin.



Duo Universal Prompt

Duo Security recently introduced Universal Prompt, a redesigned authentication flow that simplifies the login process. To activate Universal Prompt for your users, it must be enabled in both your Duo and your OneLogin admin accounts. Duo is discontinuing support for the traditional login prompt in March 2024, so we recommend transitioning to the new prompt as soon as possible.

Developers: While Duo's authentication legacy authentication is currently supported by the OneLogin API, the API is not compatible with the Duo Universal Prompt. If your configuration currently uses API authentication, discontinue its use and configure the Duo app connector in OneLogin as described above before activating the Universal Prompt. All API configurations should be discontinued before March 2024.

Enabling Universal Prompt

In OneLogin, select Enable Duo Universal Prompt (OIDC flow) on the Basic page of your account settings.

OneLogin - Enable Duo Universal Prompt

After saving your account settings, use Duo authentication to sign into a OneLogin account; this allows Duo to recognize the change and update your available admin options.

In Duo Security, select Show new Universal Prompt in your OneLogin app configuration.

Duo Security - Show new Universal Prompt

If Waiting on App Provider appears in your Duo configuration and you're unable to select the new prompt, verify that you have enabled the feature in OneLogin and successfully signed in with Duo as an authentication factor, then wait one hour before re-checking the configuration.

Expand/Collapse Comments
Was this helpful?