NAME

Net::Duo::Admin::Integration - Representation of a Duo integration

SYNOPSIS

my $decoded_json = get_json();
my $integration = Net::Duo::Admin::Integration->new($decoded_json);
say $integration->secret_key;

REQUIREMENTS

Perl 5.14 or later and the modules HTTP::Request and HTTP::Response (part of HTTP::Message), JSON, LWP (also known as libwww-perl), Perl6::Slurp, Sub::Install, and URI::Escape (part of URI), all of which are available from CPAN.

DESCRIPTION

An integration is Duo's name for the metadata for a system or service that is allowed to use one or more of the Duo APIs. This object is the Perl representation of a Duo integration as returned by the Duo Admin API, usually via the integrations() method of Net::Duo::Admin or by retrieving an integration by integration key.

CLASS METHODS

create(DUO, DATA)

Creates a new integration in Duo and returns the resulting integration as a new Net::Duo::Admin::Integration object. DUO is the Net::Duo object that should be used to perform the creation. DATA is a reference to a hash with one or more of the following keys (the name and type keys are required):

adminapi_admins

Only valid for integrations of type adminapi. Set to a true value to grant permission to use all Admin API methods. Optional and defaults to false.

adminapis_info

Only valid for integrations of type adminapi. Set to a true value to grant permission to use all Admin API account info methods. Optional and defaults to false.

adminapis_integrations

Only valid for integrations of type adminapi. Set to a true value to grant permission to use all Admin API integration methods. Optional and defaults to false.

adminapis_read_log

Only valid for integrations of type adminapi. Set to a true value to grant permission to use all Admin API log methods. Optional and defaults to false.

adminapis_read_resource

Only valid for integrations of type adminapi. Set to a true value to grant permission to use all Admin API methods that retrieve objects such as users, phones, and hardware tokens. Setting this key does not grant permission to change those objects or create new ones. Optional and defaults to false.

adminapis_settings

Only valid for integrations of type adminapi. Set to a true value to grant permission to use all Admin API settings methods. These control global settings for the entire Duo account. Optional and defaults to false.

adminapis_write_resource

Only valid for integrations of type adminapi. Set to a true value to grant permission to use all Admin API methods that create or modify objects such as as users, phones, and hardware tokens. Optional and defaults to false.

enroll_policy

What to do after an enrolled user passes primary authentication. See the "enroll_policy()" method below for the possible values. Optional and defaults to enroll.

greeting

Voice greeting read before the authentication instructions to users who authenticate with a phone callback. Optional.

groups_allowed

A comma-separated list of group IDs that are allowed to authenticate with the integration. Optional. By default, all groups are allowed.

ip_whitelist

CSV string of trusted IPs or IP ranges. Both CIDR-style ranges and ranges specified by two IP addresses separated by a dash (-) are supported. Authentications from these IP addresses will not require a second factor.

This can only be set for certain integrations. For the range of valid values and circumstances in which this can be used, see the Duo Admin API documentation. Optional.

ip_whitelist_enroll_policy

What to do after a new user from a trusted IP completes primary authentication. See the "ip_whitelist_enroll_policy()" method below for the possible values. Optional and defaults to enforce.

name

The name of the integration. Required.

notes

Any further description of the integration. Optional.

trusted_device_days

Number of days to allow a user to trust the device they are logging in with. This can only be set for certain integrations and must be between 0 and 60. (0 disables this feature.) For the circumstances in which this can be used, see the Duo Admin API documentation. Optional.

type

The type of the integration. For a list of valid values, see the Duo Admin API documentation. Required.

username_normalization_policy

Controls whether or not usernames should be altered before trying to match them to a user account. See the "username_normalization_policy()" method below for the possible values. Optional and defaults to simple.

visual_style

Look and feel of web content generated by the integration. This can only be set for certain integrations. For a list of valid values and circumstances in which this can be used, see the Duo Admin API documentation. Optional.

new(DUO, DATA)

Creates a new Net::Duo::Admin::Integration object from a full data set. DUO is the Net::Duo object that should be used for any further actions on this object. DATA should be the data structure returned by the Duo REST API for a single user, after JSON decoding. This constructor is primarily used internally by other Net::Duo::Admin methods.

new(DUO, KEY)

Creates a new Net::Duo::Admin::Integration object from the integration key. DUO is the Net::Duo object that is used to retrieve the integration from Duo and will be used for any subsequent operations. The KEY should be the integration key of the integration. This constructor is distinguished from the previous constructor by checking whether KEY is a reference.

INSTANCE ACTION METHODS

delete()

Delete this integration from Duo. After successful completion of this call, the Net::Duo::Admin::Integration object should be considered read-only, since no further changes to the object can be meaningfully sent to Duo.

json()

Convert the data stored in the object to JSON and return the results. The resulting JSON should match the JSON that one would get back from the Duo web service when retrieving the same object (plus any changes made locally to the object via set_*() methods). This is primarily intended for debugging dumps or for passing Duo objects to other systems via further JSON APIs.

INSTANCE DATA METHODS

adminapi_admins()

Whether this admin integration may use all Admin API methods.

adminapis_info()

Whether this admin integration may use all Admin API account info methods.

adminapis_integrations()

Whether this admin integration may use all Admin API integration methods.

adminapis_read_log()

Whether this admin integration may use all Admin API log methods.

adminapis_read_resource()

Whether this admin integration may use all Admin API methods that retrieve objects such as users, phones, and hardware tokens.

adminapis_settings()

Whether this admin integration may use all Admin API settings methods.

adminapis_write_resource()

Whether this admin integration may use all Admin API methods that create or modify objects such as as users, phones, and hardware tokens.

enroll_policy()

What to do after an enrolled user passes primary authentication. The value will be one of enroll, to prompt the user to enroll, allow, to allow the user to sign in without presenting an additional factor, and deny, to deny authentication for this user.

greeting()

Voice greeting read before the authentication instructions to users who authenticate with a phone callback.

groups_allowed()

A reference to an array of group IDs that are allowed to authenticate with the integration.

ip_whitelist()

List of trusted IPs or IP ranges. Ranges may be in the form of CIDR network blocks or ranges specified by two IP addresses separated by a dash (-) are supported. Authentications from these IP addresses will not require a second factor. Example values:

192.0.2.8
198.51.100.0-198.51.100.20
203.0.113.0/24

This is only supported with certain integration types.

ip_whitelist_enroll_policy()

What to do after a new user from a trusted IP completes primary authentication. The value will be either enforce, meaning that the user will be subject to the normal enrollment policy as returned by enroll_policy(), or allow, which means that the user will be successfully authenticated without being required to enroll, skipping any enrollment policy.

integration_key()

The identifier of this integration. For adminapi, accountsapi, rest, and verify integrations, this is the key used as the integration_key value when constructing a Net::Duo object.

name()

The name of the integration.

notes()

Any further description of the integration.

secret_key()

Secret used when configuring systems to use this integration. For adminapi, accountsapi, rest, and verify integrations, this is the key used as the secret_key value when constructing a Net::Duo object. This is equivalent to a password and should be treated with the same care.

trusted_device_days()

Number of days to allow a user to trust the device they are logging in with, or 0 if this is disabled. This setting only has an effect for certain integrations.

type()

The type of the integration. For a list of possible values, see the Duo Admin API documentation.

username_normalization_policy()

Controls whether or not usernames should be altered before trying to match them to a user account. The value will be either none, indicating no normalization, or simple, in which DOMAIN\username and username@example.com will be converted to username before authentication is attempted.

visual_style()

Look and feel of web content generated by the integration. This only has an effect for some integrations. For a list of valid values, see the Duo Admin API documentation.

AUTHOR

Russ Allbery <rra@cpan.org>

COPYRIGHT AND LICENSE

Copyright 2014 The Board of Trustees of the Leland Stanford Junior University

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

SEE ALSO

Net::Duo::Admin

Duo Admin API for integrations

This module is part of the Net::Duo distribution. The current version of Net::Duo is available from CPAN, or directly from its web site at https://www.eyrie.org/~eagle/software/net-duo/.