Duo / Mobile Push

Authelia utilizes Duo Push Notifications as one of it's second factor authentication methods.

Mobile Push notifications are a really convenient and trendy method to perform 2FA. When 2FA is required Authelia sends a notification directly to an application on your mobile phone where you can instantly choose to accept or deny.

Authelia leverages Duo third party to provide this feature.

The Duo Mobile Push authorization notification

The Duo Mobile Push authorization notification

The Duo Mobile Push authorization consent view

The Duo Mobile Push authorization consent view

First, sign up on their website, log in, create a user account and attach it a mobile device. Beware that the name of the user must match the name of the user in Authelia, or must have an alias that matches the user in Authelia.

Then, in Duo interface, click on Applications and Protect an Application. Select the option Partner Auth API. This will generate an integration key, a secret key and a hostname. You can set the name of the application to Authelia and then you must add the generated information to Authelia configuration as shown below:

duo_api:
  hostname: api-123456789.example.com
  integration_key: ABCDEF
  secret_key: 1234567890abcdefghifjkl

See the configuration documentation for more details.

Now that Authelia is configured, pass the first factor and select the Push notification option.

The Mobile Push 2FA view

The Mobile Push 2FA view

You should now receive a notification on your mobile phone with all the details about the authentication request. In case you have multiple devices available, you will be asked to select your preferred device.

FAQ

Why don’t I have access to the Push Notification option?

It’s likely that you have not configured Authelia correctly. Please read this documentation again and be sure you had a look at config.template.yml and configuration documentation.