This article describes how to set up Two-Factor Authentication (2FA) for the Datto Partner Portal using Duo 2FA.
- Datto Partner Portal
DUO is a multi-factor authentication application with a wide variety of authentication methods that make it easy for every user to securely and quickly log in. Duo Push, sent by the Duo Mobile authentication app, lets users approve push notifications to verify their identity.
- Initial setup steps for Security Admins
- Duo mobile device setup steps for users
- Removing organization 2FA using Duo
Initial setup steps for Security Admins
A user from your company who is assigned the role of Security Admin must complete the initial Duo setup.
In the Datto Partner Portal
1. Click the Admin tab, then select Company Settings from the Drop-Down menu. Only users with the Role of Security Admin will be able to see the Company Settings page.
2. In the TWO-FACTOR AUTHENTICATION section of the Company Settings page, click SET UP ORGANIZATION 2FA.
3. On the 2FA SET UP screen, select Duo, then click NEXT.
The Setup screen will show three fields, into which you will enter the appropriate information the Duo Web Application provides.
In the Duo Admin Portal
1. In another browser tab, log into Duo.
2. In the Duo Dashboard, select Applications in the left-hand navigation bar, then select Protect an Application from the drop-down menu.
3. In the search bar, search for 'Web SDK,' then click the Protect button.
4. Copy the information within the following fields into the corresponding fields in the partner portal, as shown in Figure 4:
- Integration key
- Secret key
- API hostname.
For more information on these fields, click the link for Duo Web SDK documentation.
Duo mobile device setup steps for users
Enable the Duo app on your mobile phone
1.. Install the Duo app from either the Apple App Store or Google Play Store.
2. On the Duo Mobile welcome screen click Get Started. Accept any permission requests.
3. In your business email account, open the email from Duo Security titled Duo Security Enrollment, then click the enrollment link within the email.
Set up Duo in the Datto Partner Portal
1. Log into the Datto Partner Portal, The system will prompt you to authenticate your login through your current third-party 2FA application, if applicable.
2. The Duo setup dialog box will appear. Click the Start setup button to begin.
Figure 10: The Duo setup dialog box (click to enlarge)
3. Specify the type of mobile device you will use to authenticate your login requests.
Figure 11: Device type selection (click to enlarge)
4. Enter your mobile telephone number.
Figure 12: Mobile phone number entry (click to enlarge)
5. Select your phone's operating system type (iPhone, Android, Windows Phone, or other).
Figure 13: Phone OS selection (click to enlarge)
6. On your computer, click the I have Duo Mobile installed button.
7. Open the Duo Mobile app on your mobile device, then scan the QR mode on your computer screen.
Verifying 2FA enablement
In the Datto Partner Portal, click your username in the upper right-hand corner of the screen, then select User Settings from the drop-down menu.
The Two Factor Authentication card will show a SECURED badge.
Removing Organization 2FA using Duo
1. In the Datto Partner Portal, click the Admin tab, then select Company Settings from the Drop-Down menu. Only users with the Role of Security Admin will be able to see the Company Settings page.
2. In the Two Factor Authentication card on the Company Settings page, click RESET ORGANIZATION 2FA.
3. Click CONFIRM.
The system will send an email to all affected users acknowledging that Duo has been removed for organizational 2FA.
4. The system will send a temporary one-time passcode to your email upon their next login. If you do not receive the token, click the Email link to receive a new one.
Figure 23: The Resend Token link (click to enlarge)
5. Click your account name and select User Settings from the drop-down menu.
6. Click CONFIGURE.
Figure 25: The Two-Factor Authentication card (click to enlarge)
7. Select the Third Party Authenticator App radio button, then click Enable 2FA to configure your two-factor authentication with the third-party authenticator app of your choice.