A departmental system or application must authenticate to initiate Duo 2FA for its users. Integrations follow one of two patterns: direct integration with Duo or integration with the UW Token Authentication Web Service (TAWS). Direct Duo integrations use an assigned application key and secret key to authenticate. TAWS integrations use an X.509 certificate and mutual TLS authentication. These credentials are scoped to a single integration type and a single domain of administrative control. The departmental contacts may use the same integration credentials on any of their systems or applications with the same integration type.
Integration credentials (application key and secret key, or certificate private key) must be protected from disclosure to any individuals outside the departmental IT team. If there is evidence or suspicion that the credentials have been compromised, contact IAM via firstname.lastname@example.org so that the old credentials can be revoked and new ones issued.