Duo

Connect your Duo instance to use Opal to manage and review access.

Want to set up Opal to manage access to your Duo groups? We have you covered.

Opal's integration with Duo supports the following, and more:

  • Users can request time-bounded access to your Duo groups.
  • Auditors can initiate access reviews that assign managers or group admins to periodically review users with long-lived access to Duo groups.
  • Admins can add resources from other Opal integrations to a Duo group so that the group's members automatically gain birthright access to, for example, a GitHub repo or an AWS IAM role.
  • All access changes are tracked in a permanent audit log that can be logged to a Slack channel or exported to your favorite tools.

Please note that your users must have the optional email field populated in Duo to be imported to Opal.

Getting Started

Create a Duo app

To get started, go to the Catalog page and click + App at the top right. Then, click on the Duo tile.

Step 1 - Generate Admin API credentials

Opal requires Admin API credentials in order to manage your Duo groups on your behalf.

To learn more about setting up Admin API credentials, check out the official Duo documentation here.

The following permissions need to be granted for Opal to successfully manage access to your Duo instance. Admin API permissions can be found in the Duo Admin Portal under Applications > Admin API > Permissions.

  • Grant read information
  • Grant read log
  • Grant read resource
  • Grant write resource

Step 2 - Fill out Opal form

Back in the Opal new App form, fill in the details about your Duo account.

If this step is successful, you have completed setting up the Duo connection!