Configuring Multi-Factor authentication (MFA)

Configuring Duo MFA

Prerequisites

You will need administrator access to the 7fivefive Lens Portal
You will need administrator access to your Duo account

Creating the Duo application

Before configuring the Lens Portal, we need to create a Duo application. This will provide us with the API credentials we need to connect via the Lens Portal.

Log in to the Duo administrator dashboard
In the left-side menu select Applications
Click the Protect an Application button
In the search box, enter Web SDK. On the Web SDK item, click the Protect button
Make a note of the following details
1. Client ID
2. Client secret
3. API hostname
Scroll down to the Settings section. In the Name field enter something like Lens Portal. This can be anything, however, it is recommended to have something that is descriptive so the application is not modified by accident in future.
Depending on your authentication provider (AD, SAML etc) you may want to enable the Simple option in the Username normalization field.
Click the Save button

Configuring the Lens Portal

Login to the Lens Portal. The user must have the 'Access to Settings' permission for the location where the scheduler will be enabled.
In the left sidebar, open the Configuration menu, then select the Settings option
Under the General group, select the Authentication option
Click the Multi-Factor Authentication tab
Check the Enabled toggle
Ensure that the Lens Portal FQDN is correct in the 7fivefive Lens public FQDN field
In the Client ID field, enter the client ID saved from the previous section
In the Client Secret field, enter the client secret saved from the previous section
In the API Hostname field, enter the API hostname saved from the previous section
In the Fail mode selection box, choose how you want the portal to behave if it is unable to contact Duo.
Click the Save button
Confirm the connection by scrolling to the Client ID field and clicking the Test connection button.