Skip to main content

Setting the order for the DUO authentication methods

The Authentication methods order option may be used to specify the order for the list of the multifactor authentication methods that are presented to a DUO user for challenge response authentication.

The order may be specified by either a list on the target address configuration page or from a file.

When choosing the list option and specifying the multifactor authentication methods, these fields allow multiple values. To fill in multiple values, select List from the drop-down list box displaying in front of these fields, and use the More button to add additional input boxes when more than one value is given. The value in each input box is treated as a single value, for example:

  • push

  • passcode

  • sms

  • phone

These values represent the following multifactor authentication methods:

  • Push notification to accept or deny from the Duo Mobile app

  • Passcode from the Duo Mobile app

  • SMS text message for a passcode

  • Phone call to authenticate from a key press

There is also an option to specify the authentication order in a file. To use the file, select File option from the drop-down list and specify the file name in the field.

The file must be located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory and contain a list of the authentication order for the DUO multifactor authentication methods.

To specify the authentication order:

# KVGROUP-V2.0
   authorder = {
      "push";
      "passcode";
      "sms";
      "phone";
   };

The list of the multifactor authentication methods may be modified to re-order how they are presented to a user for challenge response authentication.

If the user has more multifactor authentication methods than what is provided for the authentication methods order, the methods provided in the list will be the first ones that are shown to the user and the remaining methods will be directly underneath in the provided list to the user.

The authentication methods are also listed first in the order of the user’s phone numbers or devices and secondly in the order as defined by Authentication methods order.

So for example, if a user has both mobile phone(s) as well as landline phone(s), all of the phone numbers across all devices and numbers will not necessarily be listed together across all phones. They will instead be grouped together first according to each phone number or set of devices.

In this section: