Duo Security

If you are already a user of Duo Security Multi-factor or Two-factor authentication and would like to configure XTAM to use Duo, then please perform the following steps. Please note that you will need to be able to access and modify files on the XTAM host computer. Contact your XTAM System Administrator for assistance.


Pre-requisite: XTAM must be deployed with and configured to use its Federated Sign-In component in order to integrate with multi-factor authentication providers.


The XTAM integration with Duo does not use the native Duo user directory; Duo Directory Sync is required. User accounts are first authenticated against XTAM (using AD or Local users) and then the second authentication is done solely through Duo.


  1. Log on to the XTAM host computer.
  2. Open the file $XTAM_HOME/web/conf/catalina.properties
  3. Uncomment the following line only when a single global MFA for the entire XTAM is desired:
  4. Copy

    If you wish to enable different MFA providers for individual users or group, please read this article for additional information.

  5. Edit the following lines by replacing the values after "=" with your specific Duo configuration parameters:

    To generate the required keys in Duo, please refer to this Duo guide which describes how to create the Auth API application (steps 1-3).


    Use your same Duo Secret Key for both the cas.authn.mfa.duo[0].duoSecretKey= and cas.authn.mfa.duo[0].duoApplicationKey= parameters in the above configuration.

  6. When complete, save and close this file.

  7. Restart the service PamManagement.

Once configured, refer to the following article Duo Security MFA – How to Login to Xton Access Manager as a User for steps on how to use Duo MFA with XTAM from an end user’s perspective.