Two Factor Authentication (2FA) for DotNetNuke (DNN) using Duo Authenticator & Duo Push Notification | Secure DNN Login

• Under Configuration tab click on Duo
• Before configuring Duo authentication methods, enter the Duo credentials provided by Duo Security, including the Client ID, Client Secret, and Duo API Host, and then click Save.

• If you do not have a Duo account, please click here to create an account.

• After signup, please login into the Duo portal.

• Go to the Applications option on the left side menu and click on the Applications submenu.

• Click on Add Application.

• Search for Web SDK, and click Add.

• Enter the required application details, such as the application name and other configuration settings, and then click Save to create the application.
• Now copy the Integration Key, Client Secret and API Hostname.
• Keep these values handy, as they will be required to configure Duo authentication methods in the DNN 2FA plugin.

• Enter the Client ID which is same as Integration Key, Client Secret and API hostname and Click on Save button

Please choose the Duo authentication method you want to configure in the DNN 2FA plugin.

• Enable the 2FA for End Users toggle button.

• If you want to enforce 2FA for adminis, turn on the Enable 2FA for Admins toggle.

• To enable 2FA for AD Authentication click on DNN AD Login under Advanced Settings tab and select AD Login.

Advanced Settings

If you want to apply advanced settings or make changes to the 2FA experience, you can use the Advanced Settings tab and the Customization section to configure features like role-based 2FA, backup login methods, trusted devices, branding, and styling.

Role Based 2FA

• This feature allows administrators to enforce Two-Factor Authentication for specific user roles in the DNN portal.
• Enable the Role Based 2FA toggle button to activate role-based two-factor authentication.
• If you want to skip 2FA for roles without mapping, enable the "Skip 2FA for the roles without mapping" toggle button.
• Click on the Add Roles button to select and configure the roles for which you want to enforce 2FA.

• From the Select Role dropdown, choose the role for which you want to enable 2FA, and from the Select TFA Methods dropdown, select the TFA methods that you want to specific enable for the selected role and not all other methods.

• After configuring the role and TFA methods, click on the Save button to apply the settings.

Backup Login Method

• This feature allows users to log in using alternative authentication methods in case their primary 2FA method is unavailable.
• Note: This method is intended for use by administrators only.
• Users can log in using either Backup Codes or OTP over Email as backup login methods when primary 2FA is unavailable.
• Enable the toggle buttons for Backup Code and OTP over Email to activate these backup login methods.

• You can find your backup codes under the 'Backup Codes' tab. Each code can be used only once, and you can also download them for future use.

• When you log in and are prompted for 2FA verification, if the device on which you receive the OTP (e.g., mobile phone) is unavailable, you can click on the 'Forgot your device? Select a backup option to log in' link to use the backup login method.

• Select 'Use Backup Code' or 'Use one-time code via email' to authenticate if your primary 2FA method is not accessible.

• Enter the backup code in the provided field and click 'Verify' to complete the authentication process.

Trust Device(Remember Me)

• This feature allows users to mark their device as trusted so they can skip 2FA verification for a specified period on that device.
• Enable the Trust Device toggle button and set the Trust Duration (Days) for how long the device should be remembered.
• Enable the Ask 2FA on browser change checkbox to prompt 2FA when users log in from a different browser, and click on Save Settings to apply the changes.
• If unchecked, 2FA will not be asked on browser change, and users can continue without additional verification.

• When the end user logs in, they will be prompted with a "Trust this device" option, where they can choose Yes to skip 2FA on that device for the specified duration or No to continue with regular verification.

Setup Grace Period

• Setup Grace Period gives users limited attempts or time to set up 2FA. During this, they can log in without completing 2FA.
• Turn on the Setup Grace Period toggle, then choose Setup no. of attempts (number of login attempts allowed to set up 2FA) or Setup Time Period (time duration to complete the setup), enter the value, and click Save.

• When end users log in, they will see the 2FA setup prompt with a "Skip for now" option.
• This option will be shown based on the configured grace period, meaning it will appear for the defined number of attempts or within the set time duration.

Brand Logo Customization

• By default, the miniOrange logo is selected. If you want to use your own logo, click on Choose File and upload it.
• Alternatively, you can enter the logo URL in the given field and click on the Save button.
• If you want to revert the changes, click on the Reset to Default button.

Brand Name Customization

• This feature is applicable only for Authenticator apps.
• Enter your desired brand name in the field and click on the Save button. This name will be displayed in the authenticator app during the 2FA process.

Branding CSS Customization

• Add your custom CSS in the provided editor to modify the look and feel of elements like logo, buttons, and layout on the 2FA pages.
• You can use the listed CSS selectors (e.g., #logoDisplay, .mo-btn-primary, etc.) to target and style specific components.
• Click on the Save button to apply the changes.