# duo ### Create Duo MFA method This endpoint creates a new MFA method of type Duo. | Method | Path | | ------ | -------------------------- | | `POST` | `/identity/mfa/method/duo` | #### Parameters * `method_name` `(string)` - The unique name identifier for this MFA method. Supported from Vault 1.13.0. * `username_format` `(string)` - A template string for mapping Identity names to MFA methods. Values to substitute should be placed in `{{}}`. For example, `"{{identity.entity.name}}"`. If blank, the Entity's Name field is used as-is. * `secret_key` `(string: )` - Secret key for Duo. * `integration_key` `(string: )` - Integration key for Duo. * `api_hostname` `(string: )` - API hostname for Duo. * `push_info` `(string)` - Push information for Duo. * `use_passcode` `(bool: false)` - If true, the user is reminded to use the passcode upon MFA validation. #### Sample payload ```json { "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}", "secret_key": "BIACEUEAXI20BNWTEYXT", "integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz", "api_hostname": "api-2b5c39f5.duosecurity.com", "method_name": "ns1_duo" } ``` #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/duo ``` #### Sample response ```json { "data": { "method_id": "0888fd69-4ea2-91d7-415e-c4bba548529b" } } ``` ### Update Duo MFA method This endpoint updates the configuration of an MFA method of type Duo. | Method | Path | | ------ | ------------------------------------- | | `POST` | `/identity/mfa/method/duo/:method_id` | #### Parameters * `method_id` `(string: )` - UUID of the MFA method. * and all of the parameters documented under the preceding "Create" endpoint. #### Sample payload Identical to the preceding "Create" endpoint. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d ``` ### Read Duo MFA method This endpoint queries the MFA configuration of Duo type for a given method ID. | Method | Path | | ------ | ------------------------------------- | | `GET` | `/identity/mfa/method/duo/:method_id` | #### Parameters * `id` `(string: )` – UUID of the MFA method. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request GET \ http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d ``` #### Sample response ```json { "data": { "api_hostname": "api-2b5c39f5.duosecurity.com", "id": "4194659f-139b-400b-b5dd-86bfb726759d", "integration_key": "BIACEUEAXI20BNWTEYXT", "pushinfo": "", "secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz", "type": "duo", "username_format": "{{identity.entity.aliases.auth_userpass_1793464a.name}}", "use_passcode": false } } ``` ### Delete Duo MFA method This endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use by a login enforcement. | Method | Path | | -------- | ------------------------------------- | | `DELETE` | `/identity/mfa/method/duo/:method_id` | #### Parameters * `method_id` `(string: )` - UUID of the MFA method. #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d ``` ### List Duo MFA methods This endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces. | Method | Path | | ------ | -------------------------- | | `LIST` | `/identity/mfa/method/duo` | #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request LIST \ http://127.0.0.1:8200/v1/identity/mfa/method/duo ``` #### Sample response ```json { "data": { "keys": [ "4194659f-139b-400b-b5dd-86bfb726759d" ] } } ```