| external help file | Module Name | online version | schema |
|---|---|---|---|
DuoSecurity-help.xml |
DuoSecurity |
2.0.0 |
Duo Auth
Send-DuoAuth -Username <String> [-Factor <String>] [-IpAddr <String>] [-Hostname <String>] [-Async]
[-Device <String>] [-Type <String>] [-DisplayUsername <String>] [-Passcode] [-PushInfo <Hashtable>]
[<CommonParameters>]
Send-DuoAuth -UserId <String> [-Factor <String>] [-IpAddr <String>] [-Hostname <String>] [-Async]
[-Device <String>] [-Type <String>] [-DisplayUsername <String>] [-Passcode] [-PushInfo <Hashtable>]
[<CommonParameters>]
The /auth endpoint performs second-factor authentication for a user by sending a push notification to the user's smartphone app, verifying a passcode, or placing a phone call. It is also used to send the user a new batch of passcodes via SMS.
New-DuoAuth -Username blumbergh -Factor Auto -Async
Permanent, unique identifier for the user as generated by Duo upon user creation (e.g. DUYHV6TJBC3O4RITS1WC).
Type: String
Parameter Sets: UserId
Aliases: user_id
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseUnique identifier for the user that is commonly specified by your application during user creation (e.g. [email protected]). This value may also represent a username alias assigned to a user.
Type: String
Parameter Sets: Username
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseFactor to use for authentication. Currently, the following choices are supported:
| Value | Meaning |
|---|---|
| auto | Use the out-of-band factor (push or phone) recommended by Duo as the best for the user's devices. |
| push | Authenticate the user with Duo Push. |
| passcode | Authenticate the user with a passcode (from Duo Mobile, SMS, hardware token, or bypass code). |
| sms | Send a new batch of SMS passcodes to the user. |
| Note that this will not actually authenticate the user (it will automatically return "deny" Thus, if the user elects to do this then you should re-prompt to authenticate after the call has completed. | |
| phone | Authenticate the user with phone callback. |
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: Auto
Accept pipeline input: False
Accept wildcard characters: FalseThe IP address of the user to be authenticated, in dotted quad format. This will cause an "allow" response to be sent if appropriate for requests from a trusted network.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe host name of the device accessing the application.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseIf this parameter is not provided, then the /auth endpoint will only return a response when the authentication process has completed. If, however, your application provides this parameter with a value of "1", then /auth will immediately return a transaction ID, and your application will need to subsequently query the /auth_status endpoint to get the status (and, eventually, result) of the authentication process.
If you enable async, then your application will be able to retrieve real-time status updates from the authentication process, rather than receiving no information until the process is complete.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseID of the device. This device must have the "push","phone" or "sms" capability.
Default: auto
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: Auto
Accept pipeline input: False
Accept wildcard characters: FalseThis string is displayed in the Duo Mobile app push notification and UI. You may wish to specify some alternate phrase for this parameter.
The default English string in Duo Mobile v4 is "Verify your identity" and "Are you logging in to" followed by the application's name in the push request notification text, and "Are you logging in to" followed by the application's name in the request details screen as shown in Duo Mobile. With type specified, the notification text changes to "Verify request" and shows your customized string followed by a colon and the application's name, and the request details screen also shows your customized string and the application's name. Duo Mobile shows the equivalent localization in the languagues supported by the app, but does not attempt to localize your custom string or support multiple string values (for different languages).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseString to display in Duo Mobile in place of the user's Duo username.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalsePasscode entered by the user.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseA set of URL-encoded key/value pairs with additional contextual information associated with this authentication attempt. The Duo Mobile app will display this information to the user.
For example: from=login%20portal&domain=example.com
The URL-encoded string's total length must be less than 20,000 bytes.
Type: Hashtable
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Exactly one of user_id or username must be specified.
The push_info URL-encoded string's total length must be less than 20,000 bytes.