NAME¶
Net::Duo::Admin::Integration - Representation of a Duo integration
SYNOPSIS¶
my $decoded_json = get_json();
my $integration = Net::Duo::Admin::Integration->new($decoded_json);
say $integration->secret_key;
REQUIREMENTS¶
Perl 5.14 or later and the modules HTTP::Request and HTTP::Response (part of
HTTP::Message), JSON, LWP (also known as libwww-perl), Perl6::Slurp,
Sub::Install, and URI::Escape (part of URI), all of which are available from
CPAN.
DESCRIPTION¶
An integration is Duo's name for the metadata for a system or service that is
allowed to use one or more of the Duo APIs. This object is the Perl
representation of a Duo integration as returned by the Duo Admin API, usually
via the
integrations() method of Net::Duo::Admin or by retrieving an
integration by integration key.
CLASS METHODS¶
- create(DUO, DATA)
- Creates a new integration in Duo and returns the resulting integration as
a new Net::Duo::Admin::Integration object. DUO is the Net::Duo object that
should be used to perform the creation. DATA is a reference to a hash with
one or more of the following keys (the "name" and
"type" keys are required):
- adminapi_admins
- Only valid for integrations of type "adminapi". Set to a true
value to grant permission to use all Admin API methods. Optional and
defaults to false.
- adminapis_info
- Only valid for integrations of type "adminapi". Set to a true
value to grant permission to use all Admin API account info methods.
Optional and defaults to false.
- adminapis_integrations
- Only valid for integrations of type "adminapi". Set to a true
value to grant permission to use all Admin API integration methods.
Optional and defaults to false.
- adminapis_read_log
- Only valid for integrations of type "adminapi". Set to a true
value to grant permission to use all Admin API log methods. Optional and
defaults to false.
- adminapis_read_resource
- Only valid for integrations of type "adminapi". Set to a true
value to grant permission to use all Admin API methods that retrieve
objects such as users, phones, and hardware tokens. Setting this key does
not grant permission to change those objects or create new ones. Optional
and defaults to false.
- adminapis_settings
- Only valid for integrations of type "adminapi". Set to a true
value to grant permission to use all Admin API settings methods. These
control global settings for the entire Duo account. Optional and defaults
to false.
- adminapis_write_resource
- Only valid for integrations of type "adminapi". Set to a true
value to grant permission to use all Admin API methods that create or
modify objects such as as users, phones, and hardware tokens. Optional and
defaults to false.
- enroll_policy
- What to do after an enrolled user passes primary authentication. See the
" enroll_policy()" method below for the possible values.
Optional and defaults to "enroll".
- greeting
- Voice greeting read before the authentication instructions to users who
authenticate with a phone callback. Optional.
- groups_allowed
- A comma-separated list of group IDs that are allowed to authenticate with
the integration. Optional. By default, all groups are allowed.
- ip_whitelist
- CSV string of trusted IPs or IP ranges. Both CIDR-style ranges and ranges
specified by two IP addresses separated by a dash ("-") are
supported. Authentications from these IP addresses will not require a
second factor.
This can only be set for certain integrations. For the range of valid values
and circumstances in which this can be used, see the Duo Admin API
documentation. Optional.
- ip_whitelist_enroll_policy
- What to do after a new user from a trusted IP completes primary
authentication. See the " ip_whitelist_enroll_policy()"
method below for the possible values. Optional and defaults to
"enforce".
- name
- The name of the integration. Required.
- notes
- Any further description of the integration. Optional.
- trusted_device_days
- Number of days to allow a user to trust the device they are logging in
with. This can only be set for certain integrations and must be between 0
and 60. (0 disables this feature.) For the circumstances in which this can
be used, see the Duo Admin API documentation. Optional.
- type
- The type of the integration. For a list of valid values, see the Duo Admin
API documentation. Required.
- username_normalization_policy
- Controls whether or not usernames should be altered before trying to match
them to a user account. See the "
username_normalization_policy()" method below for the possible
values. Optional and defaults to "simple".
- visual_style
- Look and feel of web content generated by the integration. This can only
be set for certain integrations. For a list of valid values and
circumstances in which this can be used, see the Duo Admin API
documentation. Optional.
- new(DUO, DATA)
- Creates a new Net::Duo::Admin::Integration object from a full data set.
DUO is the Net::Duo object that should be used for any further actions on
this object. DATA should be the data structure returned by the Duo REST
API for a single user, after JSON decoding. This constructor is primarily
used internally by other Net::Duo::Admin methods.
- new(DUO, KEY)
- Creates a new Net::Duo::Admin::Integration object from the integration
key. DUO is the Net::Duo object that is used to retrieve the integration
from Duo and will be used for any subsequent operations. The KEY should be
the integration key of the integration. This constructor is distinguished
from the previous constructor by checking whether KEY is a reference.
INSTANCE ACTION METHODS¶
- delete()
- Delete this integration from Duo. After successful completion of this
call, the Net::Duo::Admin::Integration object should be considered
read-only, since no further changes to the object can be meaningfully sent
to Duo.
- json()
- Convert the data stored in the object to JSON and return the results. The
resulting JSON should match the JSON that one would get back from the Duo
web service when retrieving the same object (plus any changes made locally
to the object via set_*() methods). This is primarily intended for
debugging dumps or for passing Duo objects to other systems via further
JSON APIs.
INSTANCE DATA METHODS¶
- adminapi_admins()
- Whether this admin integration may use all Admin API methods.
- adminapis_info()
- Whether this admin integration may use all Admin API account info
methods.
- adminapis_integrations()
- Whether this admin integration may use all Admin API integration
methods.
- adminapis_read_log()
- Whether this admin integration may use all Admin API log methods.
- adminapis_read_resource()
- Whether this admin integration may use all Admin API methods that retrieve
objects such as users, phones, and hardware tokens.
- adminapis_settings()
- Whether this admin integration may use all Admin API settings
methods.
- adminapis_write_resource()
- Whether this admin integration may use all Admin API methods that create
or modify objects such as as users, phones, and hardware tokens.
- enroll_policy()
- What to do after an enrolled user passes primary authentication. The value
will be one of "enroll", to prompt the user to enroll,
"allow", to allow the user to sign in without presenting an
additional factor, and "deny", to deny authentication for this
user.
- greeting()
- Voice greeting read before the authentication instructions to users who
authenticate with a phone callback.
- groups_allowed()
- A reference to an array of group IDs that are allowed to authenticate with
the integration.
- ip_whitelist()
- List of trusted IPs or IP ranges. Ranges may be in the form of CIDR
network blocks or ranges specified by two IP addresses separated by a dash
("-") are supported. Authentications from these IP addresses
will not require a second factor. Example values:
192.0.2.8
198.51.100.0-198.51.100.20
203.0.113.0/24
This is only supported with certain integration types.
- ip_whitelist_enroll_policy()
- What to do after a new user from a trusted IP completes primary
authentication. The value will be either "enforce", meaning that
the user will be subject to the normal enrollment policy as returned by
enroll_policy(), or "allow", which means that the user
will be successfully authenticated without being required to enroll,
skipping any enrollment policy.
- integration_key()
- The identifier of this integration. For "adminapi",
"accountsapi", "rest", and "verify"
integrations, this is the key used as the "integration_key"
value when constructing a Net::Duo object.
- name()
- The name of the integration.
- notes()
- Any further description of the integration.
- secret_key()
- Secret used when configuring systems to use this integration. For
"adminapi", "accountsapi", "rest", and
"verify" integrations, this is the key used as the
"secret_key" value when constructing a Net::Duo object. This is
equivalent to a password and should be treated with the same care.
- trusted_device_days()
- Number of days to allow a user to trust the device they are logging in
with, or 0 if this is disabled. This setting only has an effect for
certain integrations.
- type()
- The type of the integration. For a list of possible values, see the Duo
Admin API documentation.
- username_normalization_policy()
- Controls whether or not usernames should be altered before trying to match
them to a user account. The value will be either "none",
indicating no normalization, or "simple", in which
"DOMAIN\username" and "username@example.com" will be
converted to "username" before authentication is attempted.
- visual_style()
- Look and feel of web content generated by the integration. This only has
an effect for some integrations. For a list of valid values, see the Duo
Admin API documentation.
AUTHOR¶
Russ Allbery <rra@cpan.org>
COPYRIGHT AND LICENSE¶
Copyright 2014 The Board of Trustees of the Leland Stanford Junior University
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
SEE ALSO¶
Net::Duo::Admin
Duo Admin API for integrations
<
https://www.duosecurity.com/docs/adminapi#integrations>
This module is part of the Net::Duo distribution. The current version of
Net::Duo is available from CPAN, or directly from its web site at
<
http://www.eyrie.org/~eagle/software/net-duo/>.