Auth by Duo


Keep your accounts safe with two-factor authentication by Duo.

Our Auth by Duo add-on integrates the service with your CS-Cart store to protect your users against credential theft attacks.

What is two-factor authentication?

Two-factor authentication (2FA) strengthens access security by requiring two methods to verify your identity: by something you know (like a username and password) and something you have (like a smartphone or smartwatch).

It is the most effective way to protect your store against remote attacks such as phishing, credential exploitation and other attempts to take over your account.

How it works

Sign in to the store like you normally do by entering your username and password.

Then you’ll be suggested to select one of the methods for the second step of authentication.

Let’s select Push notification.

Slide to view the push notification.

Click Approve.

Your login request has been approved.

Authorization is successful.

You may want to watch a video explaining how the two-factor authentication protects your account.


The add-on is compatible with CS-Cart and Multi-Vendor 4.9 and above, but only versions 4.12.x and above are supported. Minimum required PHP version is 5.6.

See more information about compatibility of our add-ons here.


You are guaranteed a quality add-on supported by the future versions. If you need help, please contact us via our help desk system.

Getting started with Duo

Creating an application

  1. Sign up for a Duo account.
  2. Log in to the Duo Admin Panel and navigate to Applications.
  3. Click Protect an Application and locate Auth API in the applications list.
  4. Here’s the created application:

Getting integration key, secret key, and API hostname

Click on the application name to get your integration key, secret key, and API hostname.

You’ll need these details to set up the add-on in the admin panel.

Downloading Duo Mobile app

You will need to download an authentication app to start using Duo Authorization.

Duo Mobile works with Apple iOS, Google Android, BlackBerry, Palm, Windows Phone 7, Windows Mobile 8.1 and 10, and J2ME/Symbian.

Download Duo Mobile for iPhone from iTunes or Duo Mobile for Android from Google Play.

For more details, read here.

Managing in the admin panel

Installing the add-on

Install the “Auth by Duo” add-on on the add-ons list page (“Add-ons” → ”Manage add-ons”). Click the + button in the top right corner, select an archive and click Upload & Install. You can now find the installed add-on in the list of installed add-ons, just make sure it is set to Active.

Setting up the add-on

In the settings of the “Auth by Duo” add-on, enter the details of your Duo account (see the Getting integration key, secret key, and API hostname section):

After that enable two-factor authentication under Settings - Security settings:

Setting up authenticator

To set up authenticator for the administrator:

  1. Select the necessary admin under Customers > Administrators.
  2. Open its detailed page and switch to the Two-factor authentication tab. Click Enroll.
  1. You will be taken to the Duo website to set up your account. Click Start setup and complete all the steps.

At the end of the setup process, you should get this notice:

  1. Go back to the admin profile and click check status.
  1. Test your integration by using one of the following methods: code from Duo mobile, push notification, or phone call.
  1. Сlick Save the changes.


You can disable Duo authentication for a particular admin by clicking the corresponding button: