chauthmultifactorduo

Parameters

-enable

(Optional) Specifies the enablement of the multifactor authentication service.

-disable

(Optional) Specifies the disablement of the multifactor authentication service.

-force

(Optional) When used with the -disable parameter, removes MFA from all user groups and the superuser profile that currently use MFA.

-failmode

(Optional) Specifies the system behavior for the user logins when the MFA server is unavailable. Value can be insecure or secure

• A secure failmode indicates the failure of the MFA-enabled users if the server is unavailable.
• An insecure failmode indicates the success of the MFA-enabled users if the server is unavailable.

-hostname host_name

(Optional) Specifies the hostname of the Duo Security tenant. It must consist of a string up to 255 printable ASCII characters.

-openidclientid openid_client_id

(Optional) Specifies the Duo Security OpenID Connect client ID for the system. It is required to enable the multifactor authentication for login to the GUI. It must consist of a string up to 64 printable ASCII characters.

-openidclientsecret openid_client_secret

(Optional) Specifies the Duo Security OpenID Connect client secret of the system. It must consist of a string up to 64 printable ASCII characters.

-integrationkey integration_key

(Optional) Specifies the Duo Security key of the system. It is required to enable the multifactor authentication for login to the CLI. It must consist of a string up to 64 printable ASCII characters.

-secretkey secret_key

(Optional) Specifies the Duo Security secret key of the system. It must consist of a string up to 64 printable ASCII characters.

-maxprompts max_prompts

(Optional) Specifies the maximum number of the prompts displayed when attempting to log in with a second factor on the CLI.