Versions Compared

Old Version 3

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version 4

changes.mady.by.user Jeffery Birks

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Duo supports authentication using one-time password (OTP) hardware tokens such as Deepnet SafeID. There are 2 types of OTP tokens, event-based (HOTP) and time-based (TOTP), adn and Duo can support both event-based and timed based tokens. However,  Duo Duo does not support TOTP token drift or TOTP resync. As a result, TOTP tokens may eventually fall out of sync and generate invalid passcodes. Therefore, in long run, event-based token works better with Duo.

Deepnet SafeID provides both event-based and time-based tokens. Below is the list of SafeID tokens:http://www.deepnetsecurity.com/authenticators/one-time-password/safeid/

Import Hardware Tokens

Frist obtain you seed data using the instructions in the following guide (in step 4 select "Duo CSV");

Image Added

To import hardware tokens into Duo, follow the steps below.

1 - Log in to

...

the Duo Admin Panel

Image Modified

2 -

...

Click 2FA Devices

...

 in the left sidebar, then

...

click Hardware Tokens. A list of hardware tokens is shown, along with the attached end user, if any.

Image Modified

3 - Click

...

the Import Hardware Tokens

...

 button

Image Modified

4 - Select the correct Token type, (i.e.

...

for Safeid/Eco tokens select "HOTP 6-digit", and for all other Safeid tokens select "TOTP-6 digit

...

").

5 - Open the SafeID token seed file received from Deepnet Security in a text editor such as Notepad

Image Modified

Image Modified

6 - Copy the entire content and paste it in to the CSV token data box in the Duo portal

Image Modified

7 - Click Import Hardware Tokens button 

Image Modified

Assigning Hardware Tokens

Once tokens have been uploaded the will need to be assigned to users using the following instructions;

Expand
titleHow to assign hardware tokens to end users in Duo

Include Page
Assign a hardware token to an end user in Duo
Assign a hardware token to an end user in Duo

Synchronising HOTP Hardware Tokens

If you are using SafeID/Eco event based tokens (HOTP), then if you find that the OTP codes generated by the token are rejected by Duo during authentication, you may find that you need to synchronise the tokens using the following procedure;

Expand
titleHow to Synchronise HOTP hardware tokens with Duo

Include Page
Resynchronize Tokens in Duo
Resynchronize Tokens in Duo

Please note that only event based HOTP tokens (SafeID/Eco)  can be synchronised with Duo as Duo currently doesn't support synchronising TOTP tokens.

Deleting Hardware Tokens

Tokens that have been previously imported into Duo can be removed using the following procedure;

Expand
titleHow to delete hardware tokens in Duo

Include Page
Delete Tokens in Duo
Delete Tokens in Duo