Duo Security is a provider of two-factor authentication or multi-factor authentication services that can integrate with Aeries. The idea behind two-factor authentication is that it adds an extra layer of security to user accounts, preventing unauthorized access to the system even if a username and password are compromised. When users log into the system, after entering their username and password, they are asked to authenticate with Duo which typically involves receiving a push notification to a mobile device, receiving a text message, phone call as a method of verification.
Aeries now has Duo integrated into Aeries. With this integration, Aeries can be configured to not only authenticate users with Duo when they log in, but also when they navigate to several specific pages including Gradebook, Grades, and Transcripts.
Configuring Duo with Aeries is easy, and is outlined in this article. For more information about Duo, visit duo.com. Before you start, you’ll need to make sure you have a Duo account available. You can obtain a free trial account or limited account from duo.com to test it out.
After creating an account and logging into Duo, click on Applications, then click Protect an Application and click Protect this Application under Aeries SIS.
After clicking Protect this Application, a new application will be created and you will be taken to the settings page. An Integration key, Secret key, and API hostname have been created for you. You will need these codes in a later step.
The next step is to configure Aeries. Log into Aeries as an administrator account and navigate to SECURITY | Duo in the navigation. Once on this page, enter the Integration key, Secret key, and API hostname you created earlier. Check the Enable Two-Factor Authentication checkbox to enable, and then click the Test Duo button to verify Duo is working properly before continuing. You should see a sample Duo authentication screen.
Once you have tested the configuration, additional settings should be configured.
Re-Authentication Timeout Period - Users will be prompted for Duo authentication this many minutes after they last authenticated. A value of 0 will keep the authentication valid for their entire session.
Secure Areas Independently? - When this option is enabled, one Duo authentication prompt will occur per enabled security area/feature (that is configured below). Otherwise authenticating within one area (after login) will pass that Duo access to all secured areas, causing the user to only receive the authentication prompt once per session or until the re-authentication timeout period is reached.
Note: Once enabled, accessing the Duo configuration page always requires 2-factor authentication, regardless of other security settings.
The following areas can be configured to prompt Duo authentication, either External or Internal by checking the appropriate box. Note: External sites are defined in your AppSettings.Config file with an <External>True</External>. Contact Aeries Support for assistance configuring this file if necessary.
- Login (Admins)
- Login (Teachers and Office Staff)
- Transcripts (only users with access to change transcripts will be required to authenticate)
- Medical History
- Medical Log
- Assertive Discipline
- Teacher Emulation
- Portal Management
- Mass Change Attendance
Once Duo Security has been configured, users will be prompted to authenticate with Duo when entering the areas specified. For example, if Login (Teachers and Office Staff) has been turned on, the user will be prompted to log into Aeries, then authenticate with Duo.
The options available to users on the Duo authentication prompt are determined by configuration within your account with Duo.