How can we help you today?
DUO Two Factor Authentication
The instructions in this article are only applicable to MyWorkDrive installations using Active Directory for user identity. Duo MFA is only supported when using Active Directory. When using Entra ID for user directory or with a SAML SSO, please use the multi factor authentication options in Azure/Entra or your Identity Provider.
Two Factor Authentication (2FA) adds an extra layer of security to your MyWorkDrive Web Browser Client Access. MyWorkDrive supports DUO for Two Factor Authentication. In addition to DUO, MyWorkDrive can be integrated with SAML or ADFS for authentication which have their own 2FA built in options – for example; Azure AD MFA, which can be enabled on your MyWorkDrive server using our Azure AD SAML instructions here.
By entering a one-time verification code from your mobile phone or utilizing the Duo App for push notifications in addition to username and password you can enhance security and eliminate casual sharing of user logins. We recommend disabling WebDAV in settings when Two Factor Authentication is needed as it does not support 2FA.
MyWorkDrive version 7 and later supports the new Duo Universal Prompt
Setup procedure
We support Duo.com Two Factor Authentication. Sign-up for an account on Duo.com and ensure you have a working implementation before starting MyWorkDrive Setup. Verify the time is accurate on your Windows Active Directory domain and the domain joined MyWorkDrive Server. DUO requires accurate time to authenticate users.
On the Duo Admin Dashboard, click Applications, Protect an Application. Search for and choose “MyWorkDrive”. Click – Protect this Application:
Copy and paste the Integration Key (Ikey), API Hostname (Host) and Secret Key (Skey) from your Duo.com Web SDK page into your MyWorkDrive Admin Panel (Advanced Settings, Two Factor Authentication Section)
To prevent duplicate user accounts from being created in DUO, enable user account normalization:
On the Duo.com admin panel under Settings – General for easier reference type “MyWorkDrive” under Name. Click Save Changes.
Note – It is not required to pre-populate user names into Duo. However, you may wish to enter or sync user names ahead of time. If you have existing user accounts in DUO, to use the existing accounts, ensure you require users to either login with the same username in MyWorkDrive (samaccountname, upn, email address as configured in Active Directory) or add aliases to each user account in DUO ( .e.g. username). You can require users to login with email address under general settings in the MyWorkDrive Admin Panel.
MyWorkDrive Admin Panel – Enterprise Settings:
Click “Enable” to enable Two Factor Access and enter the information as follows.
Host – API Hostname
Ikey – Integration Key
SKey – SecretKey
AKey – Unique identifier for Duo, do not change.
We recommend disabling WebDAV since it does not support Two Factor. Our Browser, Desktop (mapped drive) and Mobile clients all support DUO Two Factor Authentication.
Version 6.1 of MyWorkDrive now includes the option to enable Modern Authentication (server 6.1 or higher includes a check box for Modern Authentication in Duo settings). Modern Auth includes a new client/server information exchange to harden the Duo communication against intrusion or impersonation. Enabling this feature requires MyWorkDrive clients (Map Drive and Mobile) to be updated to version 6.1 or higher. We would recommend deploying Modern Auth on all new installations where support for older clients is not required, and an upgrade plan to promptly migrate clients to 6.1 in existing installations.
Enabling DUO on a subset of users only
To only require two factor authentication (2FA) for a subset of users ( typically users who have access to sensitive shares in MyWorkDrive), pre-populate the users in DUO who will need to use 2FA, then edit the New User Global Policy in the DUO Admin panel to allow access without 2FA. Any users not already added to DUO will be allowed access without an account.
For large organizations you may wish to sync Active Directory and limit sync to groups whom you wish to be subject to 2FA. Any other users will be allowed access without 2FA.
Remembered Devices
DUO supports remembered devices using the Web Client Only. This is managed in the DUO admin panel. Duo Remembered Devices article.