《使用 Duo API 保护和管理您的应用程序、用户、策略和端点.pdf》由会员分享,可在线阅读,更多相关《使用 Duo API 保护和管理您的应用程序、用户、策略和端点.pdf(35页珍藏版)》请在三个皮匠报告上搜索。
1、#CiscoLive#CiscoLiveBoat Agboatwalla Director Product Management;Technology PartnershipsDEVNET-2121Secure and manage your applications,users,policies and endpoints with Duo APIs 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App 3
2、Questions?Use Cisco Webex App to chat with the speaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until Jun
3、e 9,2023.12343https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicDEVNET-2121Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicDuo OverviewHow To IntegrateWeb SDKAPIsPartner Use CasesDEVNET-21214Duo Overview 2023 Cisco and/or its affiliates.All rights reser
4、ved.Cisco Public#CiscoLiveDuo Access ManagementContinuous Trusted AccessContinuous Trusted Access with Riskwith Risk-Based AuthenticationBased AuthenticationAuthenticate usersVerify devicesEnable accessMFAPasswordlessEmployees,contractors,vendors,external 3rd parties,etc.Device TrustDevice health&co
5、mplianceMac,Win,Linux*,iOS,Android,BYODSingle Sign-On(SSO)VPN-less remote accessAll apps cloud,on-prem and privateCORPORARTE RESOURCESCloud,On-premise,Public,Private,HybridZero Trust for the WorkforceDEVNET-21216Basics Starting an integration 2023 Cisco and/or its affiliates.All rights reserved.Cisc
6、o Public#CiscoLiveSetupApplications SearchClient IDOR Integration keySecretAPI hostname8DEVNET-2121Web SDK v4-Web App MFAFastest way to integrate 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAdd two-factor auth to your web application10DEVNET-2121BeforeAfter 2023 Cisco
7、and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveUniversal Prompt11DEVNET-2121*Duo Edition DependentSelf-EnrollmentAuthentication Method(9 options)Policy Checks*Duo Device Health Check*Client Libraries(OIDC compliant)PythonJavaGoPHPNode.jsC#(.NET)https:/ 2023 Cisco and/or its affiliat
8、es.All rights reserved.Cisco Public#CiscoLiveAdd to your Python or PHP App12DEVNET-2121Pythonhttps:/ API OIDCMFA 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAuth API-OIDCAdd twoAdd two-factor auth to your OIDC web application factor auth to your OIDC web application Wh
9、y?A web app that already supports the OIDC protocol for authenticationWhy not Web SDK v4?We dont support the languageYou require a specific workflow not supported by the Web SDKUniversal PromptUniversal Prompt14DEVNET-2121Self-Enrollment Authentication Method(9 options)Policy Checks*Duo Device Healt
10、h Check*Duo Edition Dependent 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow It Works15DEVNET-21211.OIDC Application(App)makes request to Duo to check for MFA authorization2.Duo confirms or denies the request3.If confirmed,Duo provides the redirect URL for the MFA Uni
11、versal Prompt4.User is redirected back to requesting App5.The App will then request auth result from Duo6.The App will approve/deny the login quest1 12 23 34 45 56 6Auth API RESTMFA 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAuth API-RESTAdd twoAdd two-factor auth to
12、ANY application factor auth to ANY application Why?End user experience requires custom UI/UX No Universal PromptNeed MFA for non-web applications(legacy apps)Why not Web SDK v4 or Auth API OIDC?Is only for web applicationsUI/UX is controlled by Duo via redirects to Universal PromptWhats Lost?No Univ
13、ersal Prompt=No device health and no policy checks17DEVNET-2121 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat can you do?Enroll Users generate a QR code for user to scan Check User Status confirm is the user has been enrolled or notPreauth determine is user is allow
14、ed to AuthAuth Send the configured MFA auth factor to the userAuth Status Success or Fail18DEVNET-2121 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveUse Case:More than just MFA protection?19DEVNET-2121I would like to transfer$1MLet me start the processBank Inc.Do you app
15、rove the$1M transfer?Bank Inc.Sally ApprovedDo you approve the$1M transfer?Transfer ApprovedEmbed an authorization flow into your applicationAdmin API 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLots of Admin Functions!1.1.UsersUsers2.Groups3.3.PhonesPhones4.Tokens5.U2
16、F Tokens6.WebAuthn Credentials7.Bypass Codes8.Integrations9.9.PolicyPolicy21DEVNET-212110.Endpoints11.Administrators12.Administrative Units13.13.LogsLogs14.Trust Monitor15.Settings16.Custom Branding17.Account Info 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveUsers-List,
17、Create,Enroll,Delete and ModifyProgrammatically manage users from other systemsHuman Resource Management Systems(Workday,Ripping,SAP)Programmatically create and enroll users into DuoStudent Systems Highly dynamic population in EDU sectorDocs:https:/ 2023 Cisco and/or its affiliates.All rights reserv
18、ed.Cisco Public#CiscoLiveLogs-Auth,Telephony,User/Admin Actions,Trust Monitor,and Offline EnrollmentsTroubleshoot end user issuesInvestigate security incidentsImport logs into SIEMAggregate logs from all your security systemsGain greater observability of your organizations security posture Blog:http
19、s:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePhone List,Create,Modify and DeleteAssociate a user and phoneSend activation codes Retrieve a list of phone devices,attributes and associationsCommon use cases:Troubleshoot/investigate:Activated,Encrypted and Last seen.De
20、termine:Platform,Tampered or Screenlock is ActivatedDocs:https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePolicy API-Create,Read,Update and DeleteManaging Policies via Admin panel can be burdensomeAuditFor compliance-Can retrieve all policies for reviewTroubleshooti
21、ng-Access issues.Review IP addresses used in specific policiesDuplicate and ApplyApplications that require the same policiesRead,Create and Apply!Change ManagementRead and Modify Send changes to Change Management ToolsDocs:https:/ Integrations 2023 Cisco and/or its affiliates.All rights reserved.Cis
22、co Public#CiscoLive27DEVNET-2121 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive28DEVNET-2121 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBioConnect LinkBioConnect LinkEnabling Duo MFA for physical accessEnabling Duo MFA for physical accessS
23、mall IoT Device that extends Ciscos Duo MFA to Cyber Physical ApplicationsRetrofit existing readers in less than 30 minGrants Limited Access for Employees and Contractors in Real-Time.Data Center Server Cabinets,Remote Enclosures,Communications Closets,Critical Entry Doors29DEVNET-21214 YEARS IN A R
24、OW4 YEARS IN A ROWSIA AWARD WINNERSIA AWARD WINNER 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSystem Diagram OverviewSystem Diagram Overview30DEVNET-2121 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees
25、 who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!31DEVNET-2121These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Li
26、ve Challenge for every survey completed.2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit t
27、he On-Demand Library for more sessions at www.CiscoL YouResources:Resources:Docs:https:/ Code:https:/ Signup:https:/ Agboatwalla Ginger Leishman Jenn Kwok 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive34Gamify your Cisco Live experience!Get points Get points for attendin
28、g this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123434 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicDEVNET-2121#CiscoLive