Cisco Duo

Connect Cisco Duo to ingest MFA and authentication activity into Radiant for AI triage.

Radiant connects to Cisco Duo through the Duo Admin API to ingest authentication telemetry, including successful and failed multi-factor authentication attempts. Configuration is a one-time setup performed in the Duo Admin Panel and Radiant Security.

At the end of this configuration, you provide Radiant Security with the following values:

  • API hostname

  • Integration key

  • Secret key

Prerequisites

Generate Admin API credentials in Cisco Duo

For vendor instructions, refer to Cisco Duo's Admin API documentation.

1. Open the Admin API application

Sign in to the Duo Admin Panel as an Owner. In the left sidebar, click Applications, then click Protect an Application. Locate Admin API in the list and click Protect on that row.

2. Copy the credentials

The Admin API configuration page displays the three values Radiant needs. Copy and store each one securely:

  • Integration key

  • Secret key

  • API hostname

3. Grant the Read log permission and save

On the same page, scroll to Permissions and select Grant read log. Click Save at the bottom of the page.
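
An optional pre-check before handing these values to Radiant, added here as an example and not part of Cisco's or Radiant's own tooling: it normalizes the API hostname and makes one signed call to the authentication-log endpoint to confirm the keys work and that Grant read log took effect. Assumptions: the HMAC-SHA1 request signing and the /admin/v2/logs/authentication endpoint follow Duo's Admin API documentation (confirm against the vendor documentation), the hostname pattern is inferred from the api-XXXXXXXX.duosecurity.com format, and the DUO_API_HOST, DUO_IKEY and DUO_SKEY environment variable names are hypothetical.

```python
import base64, email.utils, hashlib, hmac, os, re, time
import urllib.error, urllib.parse, urllib.request

# Assumed pattern, inferred from the api-XXXXXXXX.duosecurity.com format.
HOST_RE = re.compile(r"^api-[0-9a-z]{8}\.duosecurity\.com$")
LOG_PATH = "/admin/v2/logs/authentication"

def normalize_host(value):
    """Strip scheme and path; return the bare hostname the connector expects."""
    host = re.sub(r"^https?://", "", value.strip(), flags=re.I).split("/")[0].lower()
    if not HOST_RE.match(host):
        raise ValueError(f"unexpected API hostname: {host!r}")
    return host

def sign_request(method, host, path, params, ikey, skey, date=None):
    """Build the Date and Authorization headers for a signed Admin API call."""
    date = date or email.utils.formatdate()
    query = urllib.parse.urlencode(sorted(params.items()),
                                   quote_via=urllib.parse.quote, safe="~")
    # Canonical request: date, method, host, path, sorted parameters.
    canon = "\n".join([date, method.upper(), host, path, query])
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    token = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {token}"}, query

def check_read_log(host, ikey, skey, window_s=3600):
    """Request the last hour of authentication logs; return the HTTP status."""
    now_ms = int(time.time() * 1000)
    params = {"mintime": str(now_ms - window_s * 1000), "maxtime": str(now_ms),
              "limit": "1"}
    headers, query = sign_request("GET", host, LOG_PATH, params, ikey, skey)
    req = urllib.request.Request(f"https://{host}{LOG_PATH}?{query}", headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # non-200: recheck the keys and the saved permission

if __name__ == "__main__":
    # Read secrets from the environment so they stay out of shell history.
    host = normalize_host(os.environ["DUO_API_HOST"])
    status = check_read_log(host, os.environ["DUO_IKEY"], os.environ["DUO_SKEY"])
    print(host, "->", status)
```

A 200 status means the three values are usable as entered; the printed hostname is the form to paste into the API hostname field.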

Add the data connector in Radiant Security

  1. Sign in to Radiant Security.

  2. From the navigation menu, select Settings > Data Connectors and click + Add Connector.

  3. Search for and select Cisco Duo, then click Data Feeds.

  4. Under Select your data feeds, select Cisco Duo and click Credentials.

  5. Under Credential Name, enter a descriptive name (e.g., Duo-Credentials).

  6. Under Required Credentials, enter the values you copied from Cisco Duo:

    • API hostname: enter without the https:// prefix, in the format api-XXXXXXXX.duosecurity.com.

    • Integration key

    • Secret key

  7. Click Add Connector to save the configuration.

Verify ingestion

After Cisco Duo begins forwarding, confirm events are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"cisco_duo".

  3. Confirm recent events appear.

Allow several minutes for events to be parsed, indexed, and available for search.
