07-24-2022 10:08 PM
hello ,
problem-scenario -: I have created some user in DUO and assign some categories/group to them and added ,now on client-side(my application) where the created user login using DUO-2FA ,i want the group information of user so that i can provide them permission/access/privileges according to the user group.
can anyone tell how can i get user-group info if not then any alternate way to solve my problem i just want to categorise users and provide the different permission/access/privileges ,Like in my application partymgr → one has permission to see all party info and related access to handle them
Solved! Go to Solution.
07-26-2022 11:47 AM
If you added Duo 2FA to your application using our [OIDC-based API](Duo OIDC Auth API - Duo Universal Prompt | Duo Security (or the v4 Duo Web SDKs built on that API) then the access token response includes a list of that Duo user’s Duo group memberships.
See the example response here: Duo OIDC Auth API - Duo Universal Prompt | Duo Security
Duo group membership information is not included in the REST Auth API so if that is how you added Duo 2FA to your application you would need do something like persist the Duo username your application submits to the Auth API (provided by the user) in memory and then use it to make an Admin API GET in your application to retrieve the user_id for that user specified by username and then another Admin API GET to retrieve the user’s Duo group memberships by user_id.
07-26-2022 11:47 AM
If you added Duo 2FA to your application using our [OIDC-based API](Duo OIDC Auth API - Duo Universal Prompt | Duo Security (or the v4 Duo Web SDKs built on that API) then the access token response includes a list of that Duo user’s Duo group memberships.
See the example response here: Duo OIDC Auth API - Duo Universal Prompt | Duo Security
Duo group membership information is not included in the REST Auth API so if that is how you added Duo 2FA to your application you would need do something like persist the Duo username your application submits to the Auth API (provided by the user) in memory and then use it to make an Admin API GET in your application to retrieve the user_id for that user specified by username and then another Admin API GET to retrieve the user’s Duo group memberships by user_id.
08-03-2022 02:45 AM
right i get it thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide