Login
        Contents x
        Response Actions for Cisco Duo
        • 07 Jul 2025
        • 1 Minute to read
        • PDF
        Contents

        Response Actions for Cisco Duo

        • Updated on 07 Jul 2025
        • 1 Minute to read
        • PDF
        Article summary

        The Red Canary Automation interface provides the following response action for Cisco Duo:

        Update Duo User Status
        This action allows you to set a user’s status to either Active or Disabled:

        • Active - The user is enabled in Duo and can use two-factor authentication (2FA) to log in

        • Disabled - The user is blocked from using Duo and can’t log in

        Notes

        • The Disabled status can’t be set for users who are managed by Active Directory or Entra ID sync

        • The Active status can’t be set for users who are disabled by directory sync

        • The status of admin accounts can’t be changed

        Prerequisites

        Adding Cisco Duo Response Actions to a Playbook

        To add the Cisco Duo response action to an Automate playbook:

        1. From the Red Canary portal navigation menu, select Automation > Playbooks.

        2. In the Playbooks section, open an existing Automate playbook or make a new one by clicking +Create New Playbook.

        3. Assign or edit the playbook name and description, then click +Add Action.

        4. From the Cisco Duo section, add the required action to the playbook.

        5. Choose the user status:

          • Active

          • Disabled

        6. Enter the API Hostname, Integration Key, and Secret Key from the Duo Admin API application you set up when you integrated Red Canary with Duo. For more information, see Integrate Cisco Duo with Red Canary

        7. [OPTIONAL] Check the Require Approval box and provide contact details if you want someone to approve this action before it executes. This will apply to both manual and automatically-triggered executions.

        8. Click Save.

        Manually Executing the Response Actions

        To execute the Cisco Duo response actions manually:

        1. Open the playbook and click Run.

        2. Search for the user identity in the drop down then click Run.

        3. Click the Follow along… link to view the results of the action.

          If you set the action to Require Approval, you’ll need to approve it before it can execute.

        Automatically Executing the Response Actions

        To execute the Cisco Duo response actions automatically, link an appropriate trigger to the playbook. For more information, see Customize When a Playbook is Run With Triggers.

        Was this article helpful?
        What's Next
        Change password!
        Changing your password will log you out immediately. Use the new password to log back in.
        Change profile
        Success!
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.
        Logout