MFA
Duo
How to enforce MFA on Formal Sidecars?
Formal integrates with Duo to enforce MFA when users attempt to connect to Formal Sidecars.
Add Duo integration to Formal
To add Duo to Formal Sidecars, you need to add the following environment variables to the Sidecar:
export DUO_IKEY=<IKEY>
export DUO_SKEY=<SKEY>
export DUO_HOST=<HOST>
Replace
DUO_IKEY
(integration key), DUO_SKEY
(secret key), DUO_HOST
(hostname) with the values specific to your Duo account.Enforce Duo MFA to Sidecars
A very basic policy to enforce MFA to all users and sidecars is the following:
package formal.v2
import future.keywords.if
session := { "action": "mfa" } if {}
This policy will be enforced across all your sidecars and users.
Example
When connecting to a Sidecar, the user will be prompted on Duo to approve or reject the authentication.