Educause Security Discussion mailing list archives
Re: Duo Hardware Token Enrollment Question
From: "Telfer, Will" <Will_Telfer () BAYLOR EDU>
Date: Tue, 25 Jul 2017 15:47:31 +0000
They are pre-populated in the Duo console when they are purchased & then you pick from a drop down list to assign it to the user under the Hardware Token setting for that user. Thank You, Will Telfer, M.S. Information Security Analyst Information Technology Services -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Bayne Sent: Tuesday, July 25, 2017 10:46 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Duo Hardware Token Enrollment Question How is the serial number validated? Some sort of JavaScript code? User entered? How is the token's private identity and secret key obtained? Are they configured through the browser somehow? Prepopulated in the Duo Admin console? On 07/24/2017 06:25 PM, Josh Drummond wrote:
We haven't opened up to allowing purchasing of Duo Hardware tokens that broadly (yet?), but even internally we have a home built web app that authenticates the user, validates the serial number, then calls the Duo Admin API to associate the token with the user, to allow self-service setup. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Telfer, Will Sent: Monday, July 24, 2017 2:26 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Duo Hardware Token Enrollment Question Greetings, We are considering allowing our University Bookstore to purchase Duo Hardware Tokens in order to sell them to students who don't have (yes we have a few) or have lost/broken their mobile device(s). I contacted Duo Technical Support & was informed there is no way for students to enroll the Duo Hardware Token themselves & that they would have to make the token purchase & then contact the Duo Admin to have the token added to their user account. I was curious if anyone else allows students to purchase Duo Hardware Tokens at the bookstore or other store & if they have a better enrollment set up than what Duo told me. Thank You, Will Telfer, M.S. Information Security Analyst Information Technology Services [sig]
-- Mike Bayne Security Engineer baynema () jmu edu 1.540.568.1684 -----BEGIN PGP SIGNATURE----- IkkgaGF2ZSBub3QgZmFpbGVkLiBJJ3ZlIGp1c3QgZm91bmQgMTAsMDAwIHdheXMgdGhhdCB3b24n dCB3b3JrLiIgLSBUaG9tYXMgQWx2YSBFZGlzb24gICAgICAgICAgICAgIA== -----END PGP SIGNATURE-----
Current thread:
- Duo Hardware Token Enrollment Question Telfer, Will (Jul 24)
- Re: Duo Hardware Token Enrollment Question Josh Drummond (Jul 24)
- Re: Duo Hardware Token Enrollment Question Telfer, Will (Jul 24)
- Re: Duo Hardware Token Enrollment Question Josh Drummond (Jul 25)
- Re: Duo Hardware Token Enrollment Question Mike Bayne (Jul 25)
- Re: Duo Hardware Token Enrollment Question Telfer, Will (Jul 25)
- Re: Duo Hardware Token Enrollment Question Telfer, Will (Jul 24)
- Re: Duo Hardware Token Enrollment Question Josh Drummond (Jul 24)