steampipe plugin install duo

Table: duo_account_settings - Query Duo Security Account Settings using SQL

Duo Security Account Settings is a feature within Duo Security that allows administrators to manage and configure the security settings for their Duo account. It provides a centralized way to set up and manage settings for various Duo resources, including user policies, integrations, and more. Duo Security Account Settings helps you stay informed about the security and configuration status of your Duo resources and take appropriate actions when required.

Table Usage Guide

The duo_account_settings table provides insights into Account Settings within Duo Security. As a Security Administrator, explore specific details through this table, including security restrictions, policy settings, and associated metadata. Utilize it to uncover information about settings, such as those related to user policies, integrations, and to verify the current configuration status.

Examples

Get account settings

select
*
from
duo_account_settings;
select
*
from
duo_account_settings;

Check password settings are secure

select
name,
case
when password_requires_lower_alpha then '✅'
else '❌'
end as requires_lower_alpha,
case
when password_requires_upper_alpha then '✅'
else '❌'
end as requires_upper_alpha,
case
when password_requires_numeric then '✅'
else '❌'
end as requires_numeric,
case
when password_requires_special then '✅'
else '❌'
end as requires_special,
case
when minimum_password_length >= 12 then '✅'
else '❌'
end as min_length_gte_12
from
duo_account_settings;
select
name,
case
when password_requires_lower_alpha then '✅'
else '❌'
end as requires_lower_alpha,
case
when password_requires_upper_alpha then '✅'
else '❌'
end as requires_upper_alpha,
case
when password_requires_numeric then '✅'
else '❌'
end as requires_numeric,
case
when password_requires_special then '✅'
else '❌'
end as requires_special,
case
when minimum_password_length >= 12 then '✅'
else '❌'
end as min_length_gte_12
from
duo_account_settings;

Schema for duo_account_settings

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
caller_idtextAutomated calls will appear to come from this number. This does not apply to text messages.
fraud_emailtextThe email address to be notified when a user reports a fraudulent authentication attempt or is locked out due to failed authentication attempts. All administrators will be notified if this is not set.
fraud_email_enabledbooleanIf true, emailed notifications of user-reported fraudulent authentication attempts and user lockouts due to failed authentication are sent to the email address defined for fraud_email, or to all administrators if fraud_email is not defined. If set to false, no fraud alert emails are sent.
helpdesk_bypasstextGrants permission for administrators with the Help Desk role to generate bypass codes for users. One of allow (default value), limit, or deny.
helpdesk_bypass_expirationbigintInteger specifying a default expiration for bypass codes generated by Help Desk admins, in minutes. If not set, Help Desk admins may change bypass code expiration from the default 60 minutes after creation if helpdesk_bypass is set to allow.
helpdesk_can_send_enroll_emailbooleanPermits Help Desk administrators to send or resend enrollment emails to users. One of true or false (default).
helpdesk_messagetextCustom help message shown to end-users in the traditional Duo Prompt and Device Health application. Up to 200 characters; HTML formatting or hyperlinks are not allowed.
inactive_user_expirationbigintUsers will be automatically deleted if they are inactive (no successful logins) for a this amount of days.
keypress_confirmtextThe key for users to press to authenticate, or empty if any key should be pressed to authenticate.
keypress_fraudtextThe key for users to press to report fraud, or empty if any key should be pressed to authenticate.
languagetextThe language used in the traditional Duo browser-based user authentication prompt. One of: EN, DE, FR. Default: EN
lockout_expire_durationbigintIf non-zero, an integer indicating the time in minutes until a locked-out user's status reverts to Active. If null or 0, a user remains locked out until their status is manually changed (By an admin or API call). Minimum: 5 minutes. Maximum: 30000 minutes.
lockout_thresholdbigintThe number of consecutive failed authentication attempts before the user's status is set to 'Locked Out' and the user is denied access.
minimum_password_lengthbigintAn integer indicating the minimum number of characters that an administrator's Duo Admin Panel password must contain. This is only enforced on password creation and reset; existing passwords will not be invalidated. Default: 12.
nametextThe customer name.
password_requires_lower_alphabooleanIf true, administrator passwords will be required to contain a lower case alphabetic character. If false, administrator passwords will not be required to contain a lower case alphabetic character. This is only enforced on password creation and reset; existing passwords will not be invalidated. Default: false.
password_requires_numericbooleanIf true, administrator passwords will be required to contain a numeric character. If false, administrator passwords will not be required to contain a numeric character. This is only enforced on password creation and reset; existing passwords will not be invalidated. Default: false.
password_requires_specialbooleanIf true, administrator passwords will be required to contain a special (non-alphanumeric) character. If false, administrator passwords will not be required to contain a special (non-alphanumeric) character. This is only enforced on password creation and reset; existing passwords will not be invalidated. Default: false.
password_requires_upper_alphabooleanIf true, administrator passwords will be required to contain an upper case alphabetic character. If false, administrator passwords will not be required to contain an upper case alphabetic character. This is only enforced on password creation and reset; existing passwords will not be invalidated. Default: false.
sms_batchbigintAn integer that indicates how many passcodes to send at one time, up to 10.
sms_expirationbigintThe time in minutes to expire and invalidate SMS passcodes.
sms_messagetextDescription sent with every batch of SMS passcodes.
sms_refreshbigintIf 1, a new set of SMS passcodes will automatically be sent after the last one is used. If 0, a new set will not be sent.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
telephony_warning_minbigintAn integer indicating the number of telephony credits at which an alert will be sent for low credits.
timezonetextThis is the timezone used when displaying timestamps in the Duo Admin Panel.
user_telephony_cost_maxdouble precisionAn integer indicating the maximum number of telephony credits a user may consume in a single authentication event. This excludes Duo administrators authenticating to the Duo administration panel. Default: 20.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- duo

You can pass the configuration to the command with the --config argument:

steampipe_export_duo --config '<your_config>' duo_account_settings