cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
941
Views
0
Helpful
2
Replies

Duo 2FA how to get user group info in client-end(Web-Application)

ROHIT_Pawar
Level 1
Level 1

hello ,
problem-scenario -: I have created some user in DUO and assign some categories/group to them and added ,now on client-side(my application) where the created user login using DUO-2FA ,i want the group information of user so that i can provide them permission/access/privileges according to the user group.

can anyone tell how can i get user-group info if not then any alternate way to solve my problem i just want to categorise users and provide the different permission/access/privileges ,Like in my application partymgr → one has permission to see all party info and related access to handle them

1 Accepted Solution

Accepted Solutions

DuoKristina
Cisco Employee
Cisco Employee

If you added Duo 2FA to your application using our [OIDC-based API](Duo OIDC Auth API - Duo Universal Prompt | Duo Security (or the v4 Duo Web SDKs built on that API) then the access token response includes a list of that Duo user’s Duo group memberships.

See the example response here: Duo OIDC Auth API - Duo Universal Prompt | Duo Security

Duo group membership information is not included in the REST Auth API so if that is how you added Duo 2FA to your application you would need do something like persist the Duo username your application submits to the Auth API (provided by the user) in memory and then use it to make an Admin API GET in your application to retrieve the user_id for that user specified by username and then another Admin API GET to retrieve the user’s Duo group memberships by user_id.

Duo, not DUO.

View solution in original post

2 Replies 2

DuoKristina
Cisco Employee
Cisco Employee

If you added Duo 2FA to your application using our [OIDC-based API](Duo OIDC Auth API - Duo Universal Prompt | Duo Security (or the v4 Duo Web SDKs built on that API) then the access token response includes a list of that Duo user’s Duo group memberships.

See the example response here: Duo OIDC Auth API - Duo Universal Prompt | Duo Security

Duo group membership information is not included in the REST Auth API so if that is how you added Duo 2FA to your application you would need do something like persist the Duo username your application submits to the Auth API (provided by the user) in memory and then use it to make an Admin API GET in your application to retrieve the user_id for that user specified by username and then another Admin API GET to retrieve the user’s Duo group memberships by user_id.

Duo, not DUO.

right i get it thanks.

Quick Links