Table: duo_integration - Query Duo Security Integrations using SQL
Duo Security is a cloud-based security platform that protects access to sensitive data across applications and devices. It provides a range of security features, including two-factor authentication, secure single sign-on, and adaptive authentication. Duo Security Integration is a feature that allows the platform to work seamlessly with various applications and systems, enhancing the overall security posture.
Table Usage Guide
The duo_integration table provides insights into Duo Security Integrations. As a security engineer, explore integration-specific details through this table, including integration keys, secret keys, and API hostnames. Utilize it to uncover information about integrations, such as the security configuration of each integration, the associated applications, and potential security issues.
Examples
List all integrations
select name, integration_key, typefrom duo_integrationorder by name;select name, integration_key, typefrom duo_integrationorder by name;Integrations granted permission to administrator methods
select name, integration_key, typefrom duo_integrationwhere adminapi_admins = 1order by name;select name, integration_key, typefrom duo_integrationwhere adminapi_admins = 1order by name;Schema for duo_integration
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| adminapi_admins | bigint | 1 if the integration has been granted permission for Administrators methods; otherwise 0. Only applicable to Admin API integrations. | |
| adminapi_info | bigint | 1 if the integration has been granted permission for Account Info methods; otherwise 0. Only applicable to Admin API integrations. | |
| adminapi_integrations | bigint | 1 if the integration has been granted permission for Integrations methods; otherwise 0. Only applicable to Admin API integrations. | |
| adminapi_read_log | bigint | 1 if the integration has been granted permission for Logs methods; otherwise 0. Only applicable to Admin API integrations. | |
| adminapi_read_resource | bigint | 1 if the integration has been granted permission to retrieve objects like users, phones, and hardware tokens; otherwise 0. Only applicable to Admin API integrations. | |
| adminapi_settings | bigint | 1 if the integration has been granted permission for Settings methods; otherwise 0. Only applicable to Admin API integrations. | |
| adminapi_write_resource | bigint | 1 if the integration has been granted permission to modify objects like users, phones, and hardware tokens; otherwise 0. Only applicable to Admin API integrations. | |
| frameless_auth_prompt_enabled | bigint | 1 if the integration has been updated to support Duo Universal Prompt, otherwise 0. Only appears for a given integration after Duo makes the frameless prompt available for that application, and the value is set to 1 automatically when Duo detects a frameless authentication for the integration. | |
| greeting | text | Voice greeting read before the authentication instructions to users who authenticate with a phone callback. | |
| groups_allowed | jsonb | A list of groups, as group IDs, that are allowed to authenticate with the integration. If empty, all groups are allowed. | |
| integration_key | text | = | Integration ID. |
| name | text | The integration's name. | |
| networks_for_api_access | text | A comma-separated list of IP addresses, IP ranges, or CIDRs specifying the networks allowed to access this API integration. Only returned for Accounts API and Admin API integrations. | |
| notes | text | Description of the integration. | |
| policy_key | text | The identifying policy key for the custom policy attached to the integration. Not shown if no policy attached to the integration. | |
| prompt_v4_enabled | bigint | 1 if Duo Universal Prompt is activated for the application, otherwise 0. Only appears for a given integration when frameless_auth_prompt_enabled is 1 (value set automatically when Duo detects a frameless authentication for the integration). | |
| secret_key | text | Secret used when configuring systems to use this integration. | |
| self_service_allowed | jsonb | 1 if users may use self-service from this integration's 2FA prompt to update authentication devices, otherwise false (default). | |
| type | text | Integration type, e.g. 1password, okta. | |
| username_normalization_policy | text | This controls whether or not usernames should be altered before trying to match them to a user account. One of: None, Simple. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- duoYou can pass the configuration to the command with the --config argument:
steampipe_export_duo --config '<your_config>' duo_integration