1. Expel Support Center
  2. Connect your technology
  3. SaaS integrations

DUO Cloud setup for Workbench

  • Updated

This article explains how to connect DUO Cloud to Expel Workbench.

In this article

Before you start

Here's what you need to get started:

  • DUO Cloud administrator account with Owner role.

  • DUO Cloud Admin APIs enabled as these aren't enabled by default. For more information about DUO Cloud Admin APIs, go to https://duo.com/docs/adminapi.

Step 1: Generate API credentials

To integrate the technology with Workbench, we need to create secure credentials to the API.

Having read-only access to the interface of your technology allows Expel to dig deeper during incident investigations. Our device health team uses this access to investigate potential health issues with your tech.

  1. Log in to the DUO Cloud admin portal as an Owner (https://admin.duosecurity.com) and navigate to Applications > Protect an Application.

    • Click Protect this Application for the DUO Cloud Admin API.

  2. On the next screen, copy and save the Integration key, Secret key, and API hostname for this application. These are the credentials Expel needs to connect to the DUO Cloud service.

    Tip

    These are not shown again, so save them now.

  3. In the Settings section, name the application something descriptive. We recommend Expel API.

  4. Check the following required permissions:

    Permissions

    What Expel does with it

    Grant read information

    Reads total user count.

    Grant read log

    Reads audit logs for security monitoring.

    Grant read resource

    Reads user and groups information and enrich events with this context.

  5. If you prefer to specify the IPs to access the API, list the following in the Networks for API Access field:

    • 34.75.13.114

    • 34.75.152.7

    • 35.243.190.98

    • 104.196.158.205

    • 34.75.81.28

    • 34.75.210.18

  6. Click Save changes.

Step 2: Configure the technology in Workbench

Now that we have the correct access configured and noted the credentials, we can integrate your tech with Workbench.

Note

Expel secures all login information our SOC analysts need about your devices in a MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. In a new browser tab, log into Workbench.

    DUO_Device_Connect.png

  2. Type in this information:

    • Name and Location.

    • API Hostname from Step 1.

    • Integration key from Step 1.

    • Secret key from Step 1.

  3. Click Save.

You can see if the device is healthy on the Security Devices page. It may take a few minutes to see the device listed as healthy.

To check if alerts are coming through, navigate to the Alerts Analysis page. Scroll to the device you want to check and click View alerts. Switch to grid view, then check the list for device alerts. It can take 36 to 72 hours for alerts to appear after setup, as we tune your device.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

  • Was this article helpful?

  • 0 out of 0 found this helpful

Related articles