Skip to content
vScope Support Page

Cisco Duo

Connect Cisco Duo to vScope with a Duo Admin API application. vScope uses the Admin API credential to collect MFA coverage and user enrollment information from Duo.

Prerequisites

Section titled “Prerequisites”
  • Access to the Duo Admin Panel with permission to add applications.
  • A Duo Admin API application for vScope.
  • Network access from vScope to your Duo API hostname over HTTPS.

Create an Admin API application in Duo

Section titled “Create an Admin API application in Duo”
  1. Log in to the Duo Admin Panel.
  2. Go to Applications > Application Catalog.
  3. Search for Admin API.
  4. Select Admin API and click + Add.
  5. Name the application, for example vScope.
  6. Copy the Integration key, Secret key, and API hostname.

Configure Admin API permissions

Section titled “Configure Admin API permissions”

Enable the read permissions vScope needs for inventory:

  • Grant read resource
  • Grant read log

If your vScope credential lists additional required permissions, enable those permissions on the same Admin API application.

Add the Cisco Duo credential in vScope

Section titled “Add the Cisco Duo credential in vScope”

  1. In vScope, go to Discovery > Credentials.

  2. Click Create credential and choose Cisco Duo.

  3. Enter the Base URL using the Duo API hostname and Admin API path:

    https://api-xxxxxxxx.duosecurity.com/admin/v1

  4. Enter the Integration Key from the Duo Admin API application.

  5. Enter the Secret Key from the Duo Admin API application.

  6. Optional: add a Note to describe the credential.

  7. Optional: add Custom request headers if your environment requires them.

  8. Optional: assign a Proxy if vScope should connect to Duo through a Discovery Proxy.

  9. Click Test Credential.

  10. Save the credential and run discovery.

Troubleshooting

Section titled “Troubleshooting”

Authentication fails

Section titled “Authentication fails”

Confirm that the Integration Key, Secret Key, and API hostname are copied from the same Admin API application. The vScope Base URL must include https:// and end with /admin/v1.

Permission errors

Section titled “Permission errors”

Review the Admin API application in Duo and confirm that the required read permissions are enabled. For complete inventory, start with Grant read resource and Grant read log.

No or partial Duo inventory

Section titled “No or partial Duo inventory”

If the credential test succeeds but inventory is incomplete:

  1. Check whether the Admin API application has network restrictions.
  2. Confirm that the vScope server or Discovery Proxy can reach the Duo API hostname on HTTPS.
  3. Run a new discovery after changing permissions in Duo.

See also

Section titled “See also”