--- title: Duo API Integration on Truto slug: duo category: Default canonical: "https://truto.one/integrations/detail/duo/" --- # Duo API Integration on Truto **Category:** Default **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Duo account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Duo.** The Proxy API is a 1-to-1 mapping of the Duo API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate user provisioning and deprovisioning across Duo** — HR and identity platforms can automatically create users in Duo, assign them to groups, and disable accounts when employees leave — ensuring MFA coverage stays in sync with the employee lifecycle without manual admin intervention. - **Centralize identity visibility for security posture management** — Cybersecurity SaaS products can pull Duo user and role data into a unified identity view, enabling customers to detect orphaned accounts, audit group memberships, and identify users who lack MFA enrollment across their entire tool stack. - **Enrich helpdesk workflows with Duo user context** — ITSM and helpdesk platforms can surface Duo user profiles and group assignments directly inside support tickets, giving IT agents the context they need to resolve MFA-related issues without switching to the Duo Admin panel. - **Sync organizational roles into Duo groups for policy enforcement** — SaaS products managing org structures — from HRIS to governance platforms — can map their internal roles to Duo groups, ensuring that access policies like hardware token requirements or restricted network access automatically apply to the right people. - **Build cross-platform identity reconciliation for compliance audits** — GRC and compliance platforms can pull user and role data from Duo alongside other identity providers, enabling customers to generate audit-ready reports showing who has access to what and whether MFA is enforced consistently. ## What you can build - **Real-time Duo user directory sync** — Automatically mirror your product's user base into Duo, creating and disabling user accounts as employees join or leave the organization. - **Group-based role mapping engine** — Map roles defined in your SaaS product to Duo groups so that MFA and access policies are automatically applied based on organizational role. - **Unified identity dashboard with Duo coverage** — Display Duo user enrollment status and group memberships alongside data from other identity providers in a single pane of glass for security teams. - **Offboarding lockout automation** — Trigger immediate Duo account disablement when an employee is terminated in your HR or identity platform, cutting off access to all Duo-protected applications. - **MFA enrollment gap detector** — Compare your product's active user list against Duo's enrolled users to flag employees who haven't completed MFA setup and need follow-up. - **In-app Duo user profile viewer for support agents** — Embed a read-only Duo user profile panel inside your helpdesk or admin UI so agents can see a user's status and group memberships without leaving your product. ## FAQs ### Which Duo API does Truto connect to? Truto connects to Duo's Admin API, which provides programmatic access to user and group management — the core entities mapped to Truto's Unified User Directory API (Users and Roles). ### What authentication method does Duo's API use? Duo's Admin API uses HMAC-SHA1 signed requests with an integration key and secret key. Truto handles this authentication on your behalf, so your application never needs to manage Duo's signing logic directly. ### Are Duo-specific tools available out of the box? Duo integration tools are built on request. The Unified User Directory API (Users and Roles) is available for mapping Duo users and groups. If you need additional capabilities like auth log ingestion or device management, contact Truto to discuss your requirements. ### How does Truto handle Duo's API rate limits? Truto manages rate limiting, pagination, and retries automatically when communicating with Duo's Admin API, so your application doesn't need to implement backoff logic or pagination cursors. ### Can I map Duo groups to the Roles resource in the Unified User Directory API? Yes. Duo groups — which are used to apply access policies — are mapped to the Roles resource in Truto's Unified User Directory API, letting you manage group assignments through a standardized interface. ### What data can I read and write for Duo users through Truto? Through the Unified User Directory API, you can read and manage core user attributes such as name, email, status, and group memberships. Duo-specific fields like device associations or bypass codes would require custom tool development built on request.