Step 1: Overview

This article provides instructions on how to integrate the Duo application with Expel. What you need to get started:

1. Duo administrator account with Owner role.
2. Duo Admin APIs enabled as these aren't enabled by default. Reference https://duo.com/docs/ adminapi.

Step 2: Generate API credentials

To integrate the technology with Expel, we need to create secure credentials to the API. Depending on the permissions allowed in Step 1, Expel may be able to generate API credentials. If you're unsure, reach out to your Expel Customer Success Engineer, or email customerhealth@expel.io.

1. Log in to the Duo admin portal as an Owner (https://admin.duosecurity.com).
2. Applications > Protect an Application.
   
3. Click Protect this Application for the Duo Admin API.
   
4. On the next screen, copy and save the Integration key, Secret key, and API hostname for this application. These are the credentials Expel needs to connect to the Duo service. These are not shown again, so save them now.
   
5. In the Settings section, name the application something descriptive. We recommend Expel API.
   
6. Make sure to check the following required permissions: 
   

   Permission	What Expel does with it
   Grant read log	Reads audit logs for security monitoring.
   Grant read resource	Reads user and groups information and enrich events with this context.

Step 3: Configure the technology in Workbench

Now that we have access and noted the credentials, we can integrate Duo with Expel.  

1. In a new browser tab, log into https://workbench.expel.io.
2. On the console page, navigate to Settings and click Security Devices.
3. At the top right of the page, select Add Security Device.
   
4. Find and select your technology.
   
5. Enter the Name and Location.
   • • Enter the Integration key from Step 2.
     • Enter the API Hostname from Step 2.
     • Enter the Secret Key from Step 2.
6. Click Save.

After a few minutes, refresh the Security Devices page and you see your device status reporting as Healthy, or if there is an issue, you see details of what the issue may be.

To check if alerts are coming through, navigate to Alerts on the console page. Click the icon in the upper right to switch to grid view, then check the list for device alerts.