Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)Carbon Black Cloud Endpoint Standard (formerly Cb Defense)Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
Issue/Introduction
How to setup DUO two-factor authentication for the Carbon Black Cloud Console.
Environment
Carbon Black Cloud Console: All Versions
Duo Security
Resolution
Best Practice: Open a second tab or window after logging into Console, and make changes to 2fa settings there. This allows any changes to be reverted without the need for a Support case in case values were entered incorrectly.
Go to Settings > Users
Under Enable two-factor authentication, click DUO Security
Click Confirm to confirm that you want to enable DUO 2FA for everyone in your organization who will sign in to the Carbon Black Cloud console
Enter the DUO Security Settings from your DUO account into the modal
Find the integration key, secret key, and API hostname in DUO (Applications > + Protect an Application > search "Web SDK" > Protect this Application)
Click Submit
Additional Information
Additional information can be found on the DUO site here.
Having the wrong API Hostname can cause DUO login to fail with "This site can't be reached"