Formal integrates with Duo to enforce MFA when users attempt to connect to Formal Sidecars.

Add Duo integration to Formal

To add Duo to Formal Sidecars, you need to add the following environment variables to the Sidecar:

export DUO_IKEY=<IKEY>
export DUO_SKEY=<SKEY>
export DUO_HOST=<HOST>
Replace DUO_IKEY (integration key), DUO_SKEY (secret key), DUO_HOST (hostname) with the values specific to your Duo account.

Enforce Duo MFA to Sidecars

A very basic policy to enforce MFA to all users and sidecars is the following:

package formal.v2

import future.keywords.if

session := { "action": "mfa" } if {}

This policy will be enforced across all your sidecars and users.

Example

When connecting to a Sidecar, the user will be prompted on Duo to approve or reject the authentication.