Power

Duo

Powershell module for Duo security

A PowerShell module for managing Duo Security through its API.

PowerDuo

PowerDuo

is a PowerShell module designed to managed Duo Security via its API. It functions as a Duo Admin Module utilizing the Duo API.

About the Project Name

This project was originally named PSDuo. However, the name was changed to PowerDuo just two days before its planned release on PSGallery, as another project had already used the PSDuo name. You might still find some older names or help links that need updating within the module.

Features

The PowerDuo module allows you to interact with the Duo Security Admin API, providing a wide range of functions to manage various Duo objects. All functions within the module follow the standard PowerShell format of Verb-Noun (e.g., Get-DuoUser, New-DuoUser).
Some key capabilities include:

  • Configuration Management
  • User Management
  • Group Management
  • Device Management
  • Administrator Management
  • Logging and Reporting
  • Settings and Branding

Installation

The PowerDuo module is available on the PowerShell Gallery. It requires a minimum PowerShell version of 4.0
You can install it using one of the following methods:

Install-Module -Name PowerDuoInstall-PSResource -Name PowerDuo

You can manually download the .nupkg file to your system's default download location from the PowerShell Gallery. Please note that manually downloaded files are not unpacked and do not include dependencies.

Getting Started And Configuration

To use PowerDuo, you first need to protect an Admin API within Duo. You will require the Integration Key, Secret Key, and API hostname from your Duo admin panel. When protecting the Admin API, you might want to limit permissions and/or API network access depending on your purpose.

In Duo you will need to add an application and add, "Admin API." https://duo.com/docs/adminapi
Grant it the permissions you plan on using. Restrict to the IP address(es) you plan on using it from.
Copy the Integration key, Secret key, and API hostname from here.

Begin by creating a configuration for your Duo API connection:

New-DuoConfig -IntegrationKey ########### -SecretKey ############# -apiHost $#$#$#$.duosecruity.com

Once the configuration is made, it will remain for the duration of you Powershell session.

Save and Load Configuration (Optional)

New-DuoConfig -IntegrationKey ########### -SecretKey ############# -apiHost $#$#$#$.duosecruity.com -SaveConfig -Patch C:\Duo\DuoConfig.clixml
Import-DuoConfig -Path C:\Duo\DuoConfig.clixml

The Duo API does not support pulling directories and their names directly. However, the PowerDuo module provides an option to add directory keys to your configuration for later use.
You can find the Directory Keys by navigating to your Duo admin panel and viewing your directories. Once inside a directory, the key will be visible in the URL (e.g., https://admin-ac#$#$.duosecurity.com/users/directorysync/ADFD56456456DFDS, where 'ADFD56456456DFDS' is the directory key). The name value you assign (-KeyName) is for your reference only and is irrelevant to the operation.

Add-DuoDirectoryKeys -KeyName DuoDirectory -KeyValue #############