vault/website/content/api-docs/secret/identity/mfa/duo.mdx

---
layout: api
page_title: /identity/mfa/method/duo - HTTP API
description: >-
  The '/identity/mfa/method/duo' endpoint focuses on managing Duo MFA behaviors in Vault.
---

## Configure Duo MFA Method

This endpoint defines an MFA method of type Duo.

| Method | Path                           |
| :----- |:-------------------------------|
| `POST` | `/identity/mfa/method/duo/:id` |

### Parameters

- `id` `(string: "")` - Optional UUID to specify if updating an existing method.

- `mount_accessor` `(string: <required>)` - The mount to tie this method to for use in automatic mappings. The mapping
uses the Name field of Aliases associated with this mount as the username in the mapping. This can
  be from the current namespace or a child namespace.

- `username_template` `(string)` - A template string for mapping Identity names to MFA methods. Values to substitute should be placed in `{{}}`. For example, `"{{identity.entity.name}}"`. If blank, the Entity's Name field is used as-is.

- `secret_key` `(string: <required>)` - Secret key for Duo.

- `integration_key` `(string: <required>)` - Integration key for Duo.

- `api_hostname` `(string: <required>)` - API hostname for Duo.

- `push_info` `(string)` - Push information for Duo.
-
- `use_passcode` `(bool: false)` - If true, the user is reminded to use the passcode upon MFA validation.

### Sample Payload

```json
{
  "mount_accessor": "auth_userpass_1793464a",
  "secret_key": "BIACEUEAXI20BNWTEYXT",
  "integration_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
  "api_hostname": "api-2b5c39f5.duosecurity.com"
}
```

### Sample Request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo
```

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d
```

## Read Duo MFA Method

This endpoint queries the MFA configuration of Duo type for a given method
ID.

| Method | Path                           |
| :----- |:-------------------------------|
| `GET`  | `/identity/mfa/method/duo/:id` |

### Parameters

- `id` `(string: <required>)` – UUID of the MFA method.

### Sample Request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request GET \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

```

### Sample Response

```json
{
  "data": {
    "api_hostname": "api-2b5c39f5.duosecurity.com",
    "id": "4194659f-139b-400b-b5dd-86bfb726759d",
    "integration_key": "BIACEUEAXI20BNWTEYXT",
    "mount_accessor": "auth_userpass_1793464a",
    "pushinfo": "",
    "secret_key": "8C7THtrIigh2rPZQMbguugt8IUftWhMRCOBzbuyz",
    "type": "duo",
    "username_template": "",
    "use_passcode": false
  }
}
```

## Delete Duo MFA Method

This endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use
by a [login enforcement](/api/secret/identity/mfa/login-enforcement).

| Method   | Path                           |
| :------- |:-------------------------------|
| `DELETE` | `/identity/mfa/method/duo/:id` |

### Parameters

- `id` `(string: <required>)` - UUID of the MFA method.

### Sample Request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo/4194659f-139b-400b-b5dd-86bfb726759d

```

## List Duo MFA Methods

This endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces.

| Method | Path                       |
|:-------|:---------------------------|
| `LIST` | `/identity/mfa/method/duo` |

### Sample Request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/mfa/method/duo

```

### Sample Response

```json
{
  "data": {
    "keys": [
      "4194659f-139b-400b-b5dd-86bfb726759d"
    ]
  }
}
```