Overview
Blumira integrates with Duo Security to stream authentication and endpoint logs and alerts to Blumira for threat detection and actionable response. We then apply threat intelligence and user and entity behavior analytics to detect malicious and high-risk logins, such as geo-impossible logins.
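To illustrate what a geo-impossible login check does with authentication events, here is an added example. It is not Blumira's detection logic or code from this page. The event field names, the coordinates, the 900 km/h speed threshold and the 50 km jitter radius are assumptions, and the sample events are constructed.

```python
import math
from datetime import datetime

MAX_KMH = 900.0   # assumed threshold: roughly airliner cruising speed
JITTER_KM = 50.0  # assumed radius inside which geolocation noise is ignored

# Constructed sample events; field names are assumptions, not Duo's log schema.
EVENTS = [
    {"user": "alice", "ts": "2024-05-01T08:00:00+00:00", "lat": 42.28, "lon": -83.74},  # Ann Arbor
    {"user": "alice", "ts": "2024-05-01T09:30:00+00:00", "lat": 52.52, "lon": 13.40},   # Berlin
    {"user": "bob", "ts": "2024-05-01T08:00:00+00:00", "lat": 40.71, "lon": -74.01},    # New York
    {"user": "bob", "ts": "2024-05-01T20:00:00+00:00", "lat": 51.51, "lon": -0.13},     # London
    {"user": "alice", "ts": "2024-05-02T09:00:00+00:00", "lat": 52.52, "lon": 13.40},   # Berlin again
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Return (user, prev_ts, ts, implied_kmh) for consecutive logins that imply travel faster than max_kmh."""
    findings = []
    last_seen = {}  # most recent event per user
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < JITTER_KM:
            continue  # same area: not a travel event
        delta = datetime.fromisoformat(ev["ts"]) - datetime.fromisoformat(prev["ts"])
        hours = delta.total_seconds() / 3600
        # Simultaneous logins from distant places count as infinitely fast.
        kmh = km / hours if hours > 0 else math.inf
        if kmh > max_kmh:
            findings.append((ev["user"], prev["ts"], ev["ts"], kmh))
    return findings

if __name__ == "__main__":
    for user, t0, t1, kmh in impossible_travel(EVENTS):
        print(f"{user}: {t0} -> {t1} implies {kmh:.0f} km/h")
```

On the constructed data, only the Ann Arbor to Berlin pair for alice is flagged. The New York to London pair for bob, twelve hours apart, stays under the threshold.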
Important: Dedicate a specific Admin API application in Duo to your Blumira integration. Do not reuse the same Duo Admin API credentials for multiple applications. Rate limits for Duo's API will cause logging delays or disruption if too many requests are processed with the same credentials.
Before you begin
Required: You must be a Duo Security Administrator with the Owner role to create or modify an Admin API application in the Duo Admin Panel.
Before you can add the Duo Security Cloud Connector in Blumira, you must gather your Duo Admin API credentials:
- Duo integration key
- Duo secret key
- Duo API hostname
To obtain your Duo Admin API information, complete the steps in Duo Admin API: First Steps.
In Step 4, ensure that you check the boxes next to these permissions:
- Grant read information
- Grant read log
Providing your API credentials to Blumira
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector you want to add.
- In the Cloud Connector Name box, type a name to help identify the specific integration.
- Enter the credentials that you collected in the previous steps.
- Click Connect.
Testing a Duo detection
After your Cloud Connector is configured, wait at least 15 minutes for detection rules to automatically be deployed to your account, then use our testing procedures to trigger test detections that you can resolve in the app. See Testing Duo Security detections for steps.