DUO Two Factor Authentication
Two Factor Authentication (2FA) adds an extra layer of security to your MyWorkDrive Web Browser Client Access. By entering a one-time verification code from your mobile phone or utilizing the Duo App for push notifications in addition to username and password you can enhance security and eliminate casual sharing of user logins. We recommend disabling WebDAV in settings when Two Factor Authentication is needed as it does not support 2FA.
We support Duo.com Two Factor Authentication. Sign-up for an account on Duo.com and ensure you have a working implementation before starting MyWorkDrive Setup. Verify the time is accurate on your Windows Active Directory domain and the domain joined MyWorkDrive Server. DUO requires accurate time to authenticate users.
On the Duo Admin Dashboard, click Applications, Protect an Application. Search for and choose “MyWorkDrive”. Click – Protect this Application:
Copy and paste the Integration Key (Ikey), API Hostname (Host) and Secret Key (Skey) from your Duo.com Web SDK page into your MyWorkDrive Admin Panel (Advanced Settings, Two Factor Authentication Section)
To prevent duplicate user accounts from being created in DUO, enable user account normalization:
On the Duo.com admin panel under Settings – General for easier reference type “MyWorkDrive” under Name. Click Save Changes.
Note – It is not required to pre-populate user names into Duo. However, you may wish to enter or sync user names ahead of time.
MyWorkDrive Admin Panel – Advanced Settings:
Click “Enable” to enable Two Factor Access.
We recommend disabling WebDAV since it does not support Two Factor. Our Browser, Desktop (mapped drive) and Mobile clients all support DUO Two Factor Authentication.
Enabling DUO on a subset of users only
To only require two factor authentication (2FA) for a subset of users ( typically users who have access to sensitive shares in MyWorkDrive), pre-populate the users in DUO who will need to use 2FA, then edit the New User Global Policy in the DUO Admin panel to allow access without 2FA. Any users not already added to DUO will be allowed access without an account.
For large organizations you may wish to sync Active Directory and limit sync to groups whom you wish to be subject to 2FA. Any other users will be allowed access without 2FA.