Auth by Duo¶

Two-factor authentication (2FA) strengthens access security by requiring two methods to verify your identity: by something you know (like a username and password) and something you have (like a smartphone or smartwatch).

It is the most effective way to protect your store against remote attacks such as phishing, credential exploitation and other attempts to take over your account.

Sign in to the store like you normally do by entering your username and password.

Then you’ll be suggested to select one of the methods for the second step of authentication.

Let’s select Push notification.

Slide to view the push notification.

Click Approve.

Your login request has been approved.

Authorization is successful.

You may want to watch a video explaining how the two-factor authentication protects your account.

The add-on is compatible with CS-Cart and Multi-Vendor 4.9 and above, but only versions 4.12.x and above are supported. Minimum required PHP version is 5.6.

See more information about compatibility of our add-ons here.

You are guaranteed a quality add-on supported by the future versions. If you need help, please contact us via our help desk system.

1. Sign up for a Duo account.
2. Log in to the Duo Admin Panel and navigate to Applications.
3. Click Protect an Application and locate Auth API in the applications list.
4. Here’s the created application:

Click on the application name to get your integration key, secret key, and API hostname.

You’ll need these details to set up the add-on in the admin panel.

You will need to download an authentication app to start using Duo Authorization.

Duo Mobile works with Apple iOS, Google Android, BlackBerry, Palm, Windows Phone 7, Windows Mobile 8.1 and 10, and J2ME/Symbian.

Download Duo Mobile for iPhone from iTunes or Duo Mobile for Android from Google Play.

For more details, read here.

Install the “Auth by Duo” add-on on the add-ons list page (“Add-ons” → ”Manage add-ons”). Click the + button in the top right corner, select an archive and click Upload & Install. You can now find the installed add-on in the list of installed add-ons, just make sure it is set to Active.

In the settings of the “Auth by Duo” add-on, enter the details of your Duo account (see the Getting integration key, secret key, and API hostname section):

After that enable two-factor authentication under Settings - Security settings:

To set up authenticator for the administrator:

1. Select the necessary admin under Customers > Administrators.
2. Open its detailed page and switch to the Two-factor authentication tab. Click Enroll.

3. You will be taken to the Duo website to set up your account. Click Start setup and complete all the steps.

At the end of the setup process, you should get this notice:

4. Go back to the admin profile and click check status.

5. Test your integration by using one of the following methods: code from Duo mobile, push notification, or phone call.

6. Сlick Save the changes.