NAME
Net::Duo::Admin::Integration - Representation of a Duo integration
SYNOPSIS
my $decoded_json = get_json();
my $integration = Net::Duo::Admin::Integration->new($decoded_json);
say $integration->secret_key;
REQUIREMENTS
Perl 5.14 or later and the modules HTTP::Request and HTTP::Response (part of HTTP::Message), JSON, LWP (also known as libwww-perl), Perl6::Slurp, Sub::Install, and URI::Escape (part of URI), all of which are available from CPAN.
DESCRIPTION
An integration is Duo's name for the metadata for a system or service that is allowed to use one or more of the Duo APIs. This object is the Perl representation of a Duo integration as returned by the Duo Admin API, usually via the integrations() method of Net::Duo::Admin or by retrieving an integration by integration key.
CLASS METHODS
- create(DUO, DATA)
-
Creates a new integration in Duo and returns the resulting integration as a new Net::Duo::Admin::Integration object. DUO is the Net::Duo object that should be used to perform the creation. DATA is a reference to a hash with one or more of the following keys (the
name
andtype
keys are required):- adminapi_admins
-
Only valid for integrations of type
adminapi
. Set to a true value to grant permission to use all Admin API methods. Optional and defaults to false. - adminapis_info
-
Only valid for integrations of type
adminapi
. Set to a true value to grant permission to use all Admin API account info methods. Optional and defaults to false. - adminapis_integrations
-
Only valid for integrations of type
adminapi
. Set to a true value to grant permission to use all Admin API integration methods. Optional and defaults to false. - adminapis_read_log
-
Only valid for integrations of type
adminapi
. Set to a true value to grant permission to use all Admin API log methods. Optional and defaults to false. - adminapis_read_resource
-
Only valid for integrations of type
adminapi
. Set to a true value to grant permission to use all Admin API methods that retrieve objects such as users, phones, and hardware tokens. Setting this key does not grant permission to change those objects or create new ones. Optional and defaults to false. - adminapis_settings
-
Only valid for integrations of type
adminapi
. Set to a true value to grant permission to use all Admin API settings methods. These control global settings for the entire Duo account. Optional and defaults to false. - adminapis_write_resource
-
Only valid for integrations of type
adminapi
. Set to a true value to grant permission to use all Admin API methods that create or modify objects such as as users, phones, and hardware tokens. Optional and defaults to false. - enroll_policy
-
What to do after an enrolled user passes primary authentication. See the "enroll_policy()" method below for the possible values. Optional and defaults to
enroll
. - greeting
-
Voice greeting read before the authentication instructions to users who authenticate with a phone callback. Optional.
- groups_allowed
-
A comma-separated list of group IDs that are allowed to authenticate with the integration. Optional. By default, all groups are allowed.
- ip_whitelist
-
CSV string of trusted IPs or IP ranges. Both CIDR-style ranges and ranges specified by two IP addresses separated by a dash (
-
) are supported. Authentications from these IP addresses will not require a second factor.This can only be set for certain integrations. For the range of valid values and circumstances in which this can be used, see the Duo Admin API documentation. Optional.
- ip_whitelist_enroll_policy
-
What to do after a new user from a trusted IP completes primary authentication. See the "ip_whitelist_enroll_policy()" method below for the possible values. Optional and defaults to
enforce
. - name
-
The name of the integration. Required.
- notes
-
Any further description of the integration. Optional.
- trusted_device_days
-
Number of days to allow a user to trust the device they are logging in with. This can only be set for certain integrations and must be between 0 and 60. (0 disables this feature.) For the circumstances in which this can be used, see the Duo Admin API documentation. Optional.
- type
-
The type of the integration. For a list of valid values, see the Duo Admin API documentation. Required.
- username_normalization_policy
-
Controls whether or not usernames should be altered before trying to match them to a user account. See the "username_normalization_policy()" method below for the possible values. Optional and defaults to
simple
. - visual_style
-
Look and feel of web content generated by the integration. This can only be set for certain integrations. For a list of valid values and circumstances in which this can be used, see the Duo Admin API documentation. Optional.
- new(DUO, DATA)
-
Creates a new Net::Duo::Admin::Integration object from a full data set. DUO is the Net::Duo object that should be used for any further actions on this object. DATA should be the data structure returned by the Duo REST API for a single user, after JSON decoding. This constructor is primarily used internally by other Net::Duo::Admin methods.
- new(DUO, KEY)
-
Creates a new Net::Duo::Admin::Integration object from the integration key. DUO is the Net::Duo object that is used to retrieve the integration from Duo and will be used for any subsequent operations. The KEY should be the integration key of the integration. This constructor is distinguished from the previous constructor by checking whether KEY is a reference.
INSTANCE ACTION METHODS
- delete()
-
Delete this integration from Duo. After successful completion of this call, the Net::Duo::Admin::Integration object should be considered read-only, since no further changes to the object can be meaningfully sent to Duo.
- json()
-
Convert the data stored in the object to JSON and return the results. The resulting JSON should match the JSON that one would get back from the Duo web service when retrieving the same object (plus any changes made locally to the object via set_*() methods). This is primarily intended for debugging dumps or for passing Duo objects to other systems via further JSON APIs.
INSTANCE DATA METHODS
- adminapi_admins()
-
Whether this admin integration may use all Admin API methods.
- adminapis_info()
-
Whether this admin integration may use all Admin API account info methods.
- adminapis_integrations()
-
Whether this admin integration may use all Admin API integration methods.
- adminapis_read_log()
-
Whether this admin integration may use all Admin API log methods.
- adminapis_read_resource()
-
Whether this admin integration may use all Admin API methods that retrieve objects such as users, phones, and hardware tokens.
- adminapis_settings()
-
Whether this admin integration may use all Admin API settings methods.
- adminapis_write_resource()
-
Whether this admin integration may use all Admin API methods that create or modify objects such as as users, phones, and hardware tokens.
- enroll_policy()
-
What to do after an enrolled user passes primary authentication. The value will be one of
enroll
, to prompt the user to enroll,allow
, to allow the user to sign in without presenting an additional factor, anddeny
, to deny authentication for this user. - greeting()
-
Voice greeting read before the authentication instructions to users who authenticate with a phone callback.
- groups_allowed()
-
A reference to an array of group IDs that are allowed to authenticate with the integration.
- ip_whitelist()
-
List of trusted IPs or IP ranges. Ranges may be in the form of CIDR network blocks or ranges specified by two IP addresses separated by a dash (
-
) are supported. Authentications from these IP addresses will not require a second factor. Example values:192.0.2.8 198.51.100.0-198.51.100.20 203.0.113.0/24
This is only supported with certain integration types.
- ip_whitelist_enroll_policy()
-
What to do after a new user from a trusted IP completes primary authentication. The value will be either
enforce
, meaning that the user will be subject to the normal enrollment policy as returned by enroll_policy(), orallow
, which means that the user will be successfully authenticated without being required to enroll, skipping any enrollment policy. - integration_key()
-
The identifier of this integration. For
adminapi
,accountsapi
,rest
, andverify
integrations, this is the key used as theintegration_key
value when constructing a Net::Duo object. - name()
-
The name of the integration.
- notes()
-
Any further description of the integration.
- secret_key()
-
Secret used when configuring systems to use this integration. For
adminapi
,accountsapi
,rest
, andverify
integrations, this is the key used as thesecret_key
value when constructing a Net::Duo object. This is equivalent to a password and should be treated with the same care. - trusted_device_days()
-
Number of days to allow a user to trust the device they are logging in with, or
0
if this is disabled. This setting only has an effect for certain integrations. - type()
-
The type of the integration. For a list of possible values, see the Duo Admin API documentation.
- username_normalization_policy()
-
Controls whether or not usernames should be altered before trying to match them to a user account. The value will be either
none
, indicating no normalization, orsimple
, in whichDOMAIN\username
andusername@example.com
will be converted tousername
before authentication is attempted. - visual_style()
-
Look and feel of web content generated by the integration. This only has an effect for some integrations. For a list of valid values, see the Duo Admin API documentation.
AUTHOR
Russ Allbery <rra@cpan.org>
COPYRIGHT AND LICENSE
Copyright 2014 The Board of Trustees of the Leland Stanford Junior University
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
SEE ALSO
Duo Admin API for integrations
This module is part of the Net::Duo distribution. The current version of Net::Duo is available from CPAN, or directly from its web site at https://www.eyrie.org/~eagle/software/net-duo/.