Thank you for spending the next 45 minutes with me. When this session is complete, we will have successfully completed an integration of Cisco Duo MFA functionality into a web application.
Today we will take a simple web-based application built with Flask that has user registration and login functionality and add Cisco Duo Multi-factor Authentication (MFA) using the Cisco Duo Web SDK integration.
The Cisco Duo Web SDK integration provides a seamless addition of two factor authentication using browser redirects.
Before we can begin, there are a few items that need to be in place and ready.
They are:
- Firm understanding of the Python programming language
- Basic understanding of the HTTP protocol (communication methods, URI redirection)
- Basic understanding of the Python Flask package
- Mobile phone or tablet (iOS or Android)
- Cisco Duo account (either existing paid account or trial account)
- signup.duo.com (to create a new trial Cisco Duo account)
- Requires a valid email address used during the initial verification process
- signup.duo.com (to create a new trial Cisco Duo account)
- Clone this repository or download the ZIP file and unpack the contents
- Open a terminal window and navigate to the root folder of the project (
./Cisco-Live-2024-DuoUniversal/). - Create a virtual environment using the command
python3 -m venv . - Activate the virtual environment:
- The syntax of the activation command is platform
specific (see here for details)
- For linux platforms using bash/zsh:
source ./bin/activate - For Windows platforms:
- Powershell:
.\Scripts\Activate.ps1 - CMD.exe:
.\Scripts\activate.bat
- Powershell:
- For linux platforms using bash/zsh:
- The syntax of the activation command is platform
specific (see here for details)
- Install the required Python packages:
python3 -m pip install -r requirements.txt
Begin by starting the demonstration application.
- In the command terminal navigate to the root project
./Cisco-Live-2024-DuoUniversal/directory - Run the command
python3 app.py runin the command terminal to start the demonstration application - Open a web browser and follow the link provided in the output of the demonstration application initialization (the default is http://localhost:8008)
- Register a user with the application by selecting the
REGISTERbutton in the blue menubar. - Now that the application is running and a user has been registered, the next step is to add Cisco Duo MFA.
There are many choices available via the Cisco Duo Administration Panel to control how integration with applications behave. This exercise is meant solely as an illustration of how easy it is to get started. In a typical production deployment, specific Duo Policy settings are put in place to control various aspects of the end user experience as well as implement any business security requirements.