Configuring the BlueApp for Cisco Duo

Role Availability Read-Only Investigator Analyst Manager

To use the BlueApp for Cisco Duo in USM Anywhere, you first need to log in to Cisco Duo to create an API hostname, integration key, and secret key.

Under Settings, select the following minimum API permissions:

  • Grant write resource
  • Grant read log
  • Grant read resource

To get the API credentials from Cisco Duo

Follow the Cisco documentation on how to create API credentials to obtain the API hostname, integration key, and secret key.

If you are using more than one Cisco Duo Admin API, you can rename your new Duo Admin API to track its use separately.

Connecting the Cisco Duo App in USM Anywhere

After you obtain the credentials, you must configure the connection within USM Anywhere.

To enable the AlienApp for Cisco Duo

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled BlueApp.

    BlueApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the BlueApp API endpoints.

  6. Enter the information you generated from the Cisco Duo admin panel into the following fields:

    • API hostname
    • Integration key
    • Secret key
  7. Click Save.
  8. Verify the connection.

    After USM Anywhere completes a successful connection to the Cisco Secure Endpoint Representational State Transfer (REST) APIs, an icon displays in the Health column.

    If the icon displays, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Cisco Secure Endpoint connection.
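
The network requirement from step 5 can be checked before saving the configuration. The Python check below is an added example, not part of the USM Anywhere or Cisco Duo documentation; it reports whether the API hostname fails at input validation, DNS, TCP, or certificate-verified TLS. It assumes it is run from a host that shares the sensor's network segment and egress path, and the names `clean_hostname` and `probe_api_endpoint` are hypothetical.

```python
import socket
import ssl


def clean_hostname(value):
    """Return the bare API hostname, or None if the value is not one."""
    host = value.strip().lower()
    # Assumption: the field takes a hostname only, so reject pasted URLs,
    # paths, ports, credentials and embedded whitespace.
    if not host or any(c in host for c in "/:@ \t") or "." not in host:
        return None
    return host


def probe_api_endpoint(value, port=443, timeout=5.0):
    """Report the first stage that fails: invalid, dns, tcp, tls, or ok."""
    host = clean_hostname(value)
    if host is None:
        return "invalid"
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "dns"  # the name does not resolve from this network
    try:
        raw = socket.create_connection(addr[:2], timeout=timeout)
    except OSError:
        return "tcp"  # outbound HTTPS is blocked, filtered, or timing out
    try:
        # The default context verifies the chain and the hostname, so a
        # TLS-inspecting proxy with an untrusted CA is reported as "tls".
        with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError):
        return "tls"
    finally:
        raw.close()


if __name__ == "__main__":
    # Constructed placeholder: substitute the API hostname you created in Cisco Duo.
    print(probe_api_endpoint("your-api-hostname.example"))
```

A result of `tcp` points at firewall or egress rules, while `tls` usually means the HTTPS session is being intercepted or the trust store is incomplete.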

Cisco Duo Event Collection

Once the BlueApp for Cisco Duo has been configured, you can choose to have USM Anywhere collect Cisco Duo events from the app on an hourly basis.

To configure Cisco Duo event collection

  1. Go to Settings > Scheduler.
  2. In the Job Scheduler, search for the Cisco Secure Endpoint app on the sensor it was deployed to.
  3. In the enabled column, click the icon for the inactive Cisco Secure Endpoint events job.

    The icon turns green and hourly event collection from Cisco Secure Endpoint is enabled.

    Job Scheduler Main Page

  4. (Optional.) Click the icon to customize the frequency of the event collection.