lsauthmultifactorduo

Use the lsauthmultifactorduo command to list the system-wide Duo Security multifactor authentication configuration.

Syntax

Read syntax diagramSkip visual syntax diagram lsauthmultifactorduo

Parameters

None.

Description

This table provides the attribute values that can be displayed as output view data.

Table 1. lsauthmultifactorduo output
Attribute Description
status Indicates the MFA enablement status using Duo Security. Value can be enabled or disabled.
failmode Indicates how the system should behave for the user logins when the MFA server is disabled. Value can be insecure or secure.
  • A secure failmode indicates the failure of the MFA-enabled users if the server is unavailable.
  • An insecure failmode indicates the success of the MFA-enabled users if the server is unavailable.
hostname Indicates the hostname of the Duo Security tenant. It must consist of a string up to 255 printable ASCII characters.
openid_client_id Indicates the Duo Security OpenID Connect client ID for the system. It must consist of a string up to 64 printable ASCII characters.
openid_client_secret_set Indicates whether the Duo Security OpenID Connect client secret has been set. Value can be yes or no.
integration_key Indicates the Duo Security integration key for the system. It must consist of a string up to 64 printable ASCII characters.
secret_key_set Indicates whether the Duo Security secret key for the system is set or not. Value can be yes or no.
max_prompts Indicates the maximum number of prompts displayed when logging in with a second factor on the CLI.