Duo supports authentication using one-time password (OTP) hardware tokens such as Deepnet SafeID. There are two types of OTP tokens, event-based (HOTP) and time-based (TOTP), and Duo supports both. However, Duo does not support TOTP token drift or TOTP resync. As a result, TOTP tokens may eventually fall out of sync and generate invalid passcodes. Therefore, in the long run, event-based tokens work better with Duo.

Deepnet SafeID provides both event-based and time-based tokens. Below is the list of SafeID tokens:

Import Hardware Tokens

First obtain your seed data using the instructions in the following guide (in step 4 select "Duo CSV");

To import hardware tokens into Duo, follow the steps below.

1 - Log in to the Duo Admin Panel

2 - Click 2FA Devices in the left sidebar, then click Hardware Tokens. A list of hardware tokens is shown, along with the attached end user, if any.

3 - Click the Import Hardware Tokens button

4 - Select the correct Token type (i.e. for SafeID/Eco tokens select "HOTP 6-digit", and for all other SafeID tokens select "TOTP-6 digit").

5 - Open the SafeID token seed file received from Deepnet Security in a text editor such as Notepad

6 - Copy the entire content and paste it into the CSV token data box in the Duo portal

7 - Click the Import Hardware Tokens button

Assigning Hardware Tokens

Once tokens have been uploaded they will need to be assigned to users using the following instructions;

Synchronising HOTP Hardware Tokens

If you are using SafeID/Eco event-based tokens (HOTP) and the OTP codes generated by the token are rejected by Duo during authentication, you may need to synchronise the tokens using the following procedure;

Please note that only event-based HOTP tokens (SafeID/Eco) can be synchronised with Duo, as Duo currently doesn't support synchronising TOTP tokens.
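The following added example (not Duo's or Deepnet's code) illustrates both the drift problem described in the introduction and the HOTP resynchronisation described above, using the generic algorithms from RFC 4226 and RFC 6238. The seed is the RFC 4226 test seed, and the function names, the strict TOTP check and the consecutive-code resync search are assumptions made for illustration; Duo's internal procedure is not documented on this page.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 test seed, not a real token seed

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, unix_time, step=30):
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step)

def verify_totp_strict(secret, server_time, code, step=30):
    """Accept only the code for the server's current step: no drift window."""
    return hmac.compare_digest(totp(secret, server_time, step), code)

def resync_hotp(secret, server_counter, codes, search=200):
    """Find the counter at which `codes` appear consecutively.

    Returns the next counter the server should expect, or None if not found.
    """
    for start in range(server_counter, server_counter + search):
        if all(hmac.compare_digest(hotp(secret, start + i), c)
               for i, c in enumerate(codes)):
            return start + len(codes)
    return None

def demo():
    # TOTP: token clock runs 90 s ahead of the server (constructed drift).
    server_time, token_time = 60, 150
    totp_ok = verify_totp_strict(SECRET, server_time, totp(SECRET, token_time))
    # HOTP: button pressed 5 extra times, so token is at counter 7, server at 2.
    codes = [hotp(SECRET, 7), hotp(SECRET, 8)]
    plain_ok = hmac.compare_digest(hotp(SECRET, 2), codes[0])
    new_counter = resync_hotp(SECRET, 2, codes)
    return totp_ok, plain_ok, new_counter

if __name__ == "__main__":
    print(demo())  # (False, False, 9)
```

The drifted TOTP code is rejected and cannot be recovered without a drift window, while the HOTP token that has run ahead is brought back in step by searching forward for two consecutive codes.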

Deleting Hardware Tokens

Tokens that have been previously imported into Duo can be removed using the following procedure;
