The DUO Security application allows users to access their company network remotely using a DUO token.
DUO provides a REST API that external applications can consume to create users, enroll users, and create tokens for users in the DUO application.
This document gives the detailed steps to integrate ServiceNow with the DUO REST API, so that you can use a ServiceNow catalog item, a workflow and Python scripts to automate the following ServiceNow DUO integration use cases.
A) Create Users
B) Enroll User
C) Adding User to DUO Group ( File Generation)
The purpose of this blog is to document the code needed to integrate ServiceNow with the DUO REST API.
A) Create User
Python Script:
"""
Input parameters, shown in JSON form; all parameters are required.
The script itself reads them as positional command-line arguments, in the order shown here.
"{
'ikey':'xxx',
'skey':'xxx',
'host':'api-xxxxxx.duosecurity.com',
'username':'xxxx',
'realname':'Tom Alter',
'email':'tomalter@gmail.com',
'alias1':'tomr', #login name
'alias2':'global\tomr',
'notes':'test account',
'firstname':'Tom',
'lastname':'Alter'
}"
ARGS
ikey - integration key
skey - secret key
host - admin api url
username - Username
realname - User's real name (optional)
status - User's status, defaults to ACTIVE
notes - Comment field (optional)
email - Email address (optional)
firstname - User's given name for ID Proofing (optional)
lastname - User's surname for ID Proofing (optional)
alias1..alias4 - Aliases for the user's primary username (optional)
Returns newly created user object.
"""
#!/usr/bin/python
from __future__ import absolute_import
from __future__ import print_function
import pprint
import sys
import json
import duo_client
from six.moves import input
#jsonData = json.loads(sys.argv[1].replace("'", '"'))
#print(str(jsonData))
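# Positional arguments, in the order the workflow activity passes them.
_ARG_NAMES = (
    "ikey", "skey", "host", "username", "realname", "email",
    "alias1", "alias2", "notes", "firstname", "lastname",
)

# Fail closed on an unexpected argument count. The caller assembles this
# command line by string concatenation, so an empty or space-containing value
# would shift every later argument into the wrong Duo field (for example a
# name landing in the alias slot) instead of raising an error.
if len(sys.argv) != len(_ARG_NAMES) + 1:
    sys.exit("usage: create_user.py " + " ".join(_ARG_NAMES))

# NOTE(review): the Admin API secret key arrives as argv[2], so it is visible
# in the host's process listing and in any log or queue record that stores the
# command line. Prefer reading it from an access-restricted file or an
# environment variable on the host that runs this script.
(IKEY, SKEY, HOST, USERNAME, REALNAME, EMAIL,
 ALIAS1, ALIAS2, NOTES, FIRSTNAME, LASTNAME) = sys.argv[1:]

# Admin API client authenticated with the integration key / secret key pair.
admin_api = duo_client.Admin(
    ikey=IKEY,
    skey=SKEY,
    host=HOST,
)

# Create the user; the call returns the newly created user object.
user = admin_api.add_user(
    username=USERNAME,
    realname=REALNAME,
    email=EMAIL,
    alias1=ALIAS1,
    alias2=ALIAS2,
    notes=NOTES,
    firstname=FIRSTNAME,
    lastname=LASTNAME,
)

# The calling workflow activity reads user_id from this output.
# NOTE(review): pprint writes a Python repr, not JSON, while the caller decodes
# the output as JSON -- confirm the decoder accepts it, or emit
# json.dumps(user) instead.
pprint.pprint(user)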
Workflow Activity To Run Python Script:
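// Values handed to create_user.py, in the order the script expects them.
// 'xxx' is a placeholder: do not paste the real Admin API keys into the
// workflow script, where anyone who can read the workflow can read them.
// Load them from an access-restricted, encrypted store instead.
var dataObj = {
    'ikey': 'xxx',
    'skey': 'xxx',
    'host': 'xxx.duosecurity.com',
    'username': current.variable_pool.requested_for.email,
    'realname': current.variable_pool.requested_for.name,
    'email': current.variable_pool.requested_for.email,
    'alias1': current.variable_pool.requested_for.user_name,
    'alias2': 'global\\' + current.variable_pool.requested_for.user_name,
    'notes': current.number,
    'firstname': current.variable_pool.requested_for.first_name,
    'lastname': current.variable_pool.requested_for.last_name
};

var filePath = "scripts\\Python\\DUO\\create_user.py";

// The user-record fields above end up inside a command line that is executed
// on the MID Server, so they must not be able to close the quoting or be
// expanded by the command interpreter. Rather than trying to escape such
// characters, refuse the value: returns the value wrapped in double quotes,
// or null when it contains a quote, an interpreter metacharacter, a control
// character, or a trailing backslash (which would swallow the closing quote).
function quoteArg(value) {
    var text = "" + value;
    var endsWithBackslash = text.charAt(text.length - 1) === "\\";
    if (/["%!^&|<>$`\x00-\x1f]/.test(text) || endsWithBackslash) {
        return null;
    }
    return '"' + text + '"';
}

var argOrder = ['ikey', 'skey', 'host', 'username', 'realname', 'email',
                'alias1', 'alias2', 'notes', 'firstname', 'lastname'];
var quotedArgs = [];
var rejected = [];
for (var i = 0; i < argOrder.length; i++) {
    var quoted = quoteArg(dataObj[argOrder[i]]);
    if (quoted === null) {
        rejected.push(argOrder[i]);
    } else {
        quotedArgs.push(quoted);
    }
}

if (rejected.length > 0) {
    // Report only the field names, never the values (one of them is the secret key).
    current.work_notes = "DUO create user: command not run, unsafe characters in: " + rejected.join(", ");
    activity.result = "failed";
} else {
    // Every argument is quoted exactly, with no padding inside the quotes.
    var commandLine = "python " + filePath + " " + quotedArgs.join(" ");
    var eccResponse = new CommandProbe(gs.getProperty("mid.server.rba_default"), "127.0.0.1").execute(true, commandLine);

    var retObj = new Object();
    retObj.output = JSON.stringify(eccResponse.output).replace("\n", "");
    retObj.error = eccResponse.error;

    if (retObj.error) {
        // NOTE(review): confirm the probe's error text never echoes the command
        // line, which carries the secret key, before copying it to work notes.
        current.work_notes = retObj.error;
        activity.result = "failed";
    } else {
        activity.result = "success";
        // Keep the new user's id for the later "add user to group" activity.
        var jsonOutput = new JSON().decode(JSON.parse(retObj.output));
        workflow.scratchpad.user_id = jsonOutput.user_id;
    }
}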
B) Enroll User
Python Script:
"""
Input parameters, shown in JSON form; all parameters are required.
The script itself reads them as positional command-line arguments, in the order shown here.
"{
'ikey':'xxx',
'skey':'xxx',
'host':'api-xxxxxx.duosecurity.com',
'username':'tomalter@gmail.com',
'email':'tomalter@gmail.com'
}"
ARGS
ikey - integration key
skey - secret key
host - admin api url
username - Username
email - Email address
valid_secs - Seconds before the enrollment link expires
(if 0 it never expires)
Returns nothing
"""
#!/usr/bin/python
from __future__ import absolute_import
from __future__ import print_function
import pprint
import sys
import json
import duo_client
from six.moves import input
#jsonData = json.loads(sys.argv[1].replace("'", '"'))
#print(str(data))
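# Positional arguments, in the order the workflow activity passes them.
_ARG_NAMES = ("ikey", "skey", "host", "username", "email")

# Fail closed on an unexpected argument count. The caller assembles this
# command line by string concatenation, so an empty or space-containing value
# would shift later arguments into the wrong field instead of raising an error.
if len(sys.argv) != len(_ARG_NAMES) + 1:
    sys.exit("usage: enroll_user_and_email.py " + " ".join(_ARG_NAMES))

# NOTE(review): the Admin API secret key arrives as argv[2], so it is visible
# in the host's process listing and in any log or queue record that stores the
# command line. Prefer reading it from an access-restricted file or an
# environment variable on the host that runs this script.
IKEY, SKEY, HOST, USERNAME, EMAIL = sys.argv[1:]

# Admin API client authenticated with the integration key / secret key pair.
admin_api = duo_client.Admin(
    ikey=IKEY,
    skey=SKEY,
    host=HOST,
)

# Enroll the user and send the enrollment email. valid_secs is the lifetime of
# the enrollment link: 86400 seconds is 24 hours, and 0 would never expire.
admin_api.enroll_user(
    username=USERNAME,
    email=EMAIL,
    valid_secs=86400,
)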
#print('Enrollment email has been to user at ', user['email'])
Workflow Activity to call Python Script
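// Values handed to enroll_user_and_email.py, in the order the script expects.
// 'xxx' is a placeholder: do not paste the real Admin API keys into the
// workflow script, where anyone who can read the workflow can read them.
// Load them from an access-restricted, encrypted store instead.
var dataObj = {
    'ikey': 'xxx',
    'skey': 'xxx',
    'host': 'xxx.duosecurity.com',
    'username': current.variable_pool.requested_for.email,
    'email': current.variable_pool.requested_for.email
};

var filePath = "scripts\\Python\\DUO\\enroll_user_and_email.py";

// The user-record fields above end up inside a command line that is executed
// on the MID Server, so they must not be able to close the quoting or be
// expanded by the command interpreter. Rather than trying to escape such
// characters, refuse the value: returns the value wrapped in double quotes,
// or null when it contains a quote, an interpreter metacharacter, a control
// character, or a trailing backslash (which would swallow the closing quote).
function quoteArg(value) {
    var text = "" + value;
    var endsWithBackslash = text.charAt(text.length - 1) === "\\";
    if (/["%!^&|<>$`\x00-\x1f]/.test(text) || endsWithBackslash) {
        return null;
    }
    return '"' + text + '"';
}

var argOrder = ['ikey', 'skey', 'host', 'username', 'email'];
var quotedArgs = [];
var rejected = [];
for (var i = 0; i < argOrder.length; i++) {
    var quoted = quoteArg(dataObj[argOrder[i]]);
    if (quoted === null) {
        rejected.push(argOrder[i]);
    } else {
        quotedArgs.push(quoted);
    }
}

if (rejected.length > 0) {
    // Report only the field names, never the values (one of them is the secret key).
    current.work_notes = "DUO enroll user: command not run, unsafe characters in: " + rejected.join(", ");
    activity.result = "failed";
} else {
    var commandLine = "python " + filePath + " " + quotedArgs.join(" ");
    var eccResponse = new CommandProbe(gs.getProperty("mid.server.rba_default"), "127.0.0.1").execute(true, commandLine);

    var retObj = new Object();
    retObj.output = JSON.stringify(eccResponse.output).replace("\n", "");
    retObj.error = eccResponse.error;

    if (retObj.error) {
        // NOTE(review): confirm the probe's error text never echoes the command
        // line, which carries the secret key, before copying it to work notes.
        current.work_notes = retObj.error;
        activity.result = "failed";
    } else {
        activity.result = "success";
    }
}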
C). Add User to DUO Group
Python Script:
"""
Input parameters, shown in JSON form; all parameters are required.
The script itself reads them as positional command-line arguments, in the order shown here.
"{
'ikey':'xxx',
'skey':'xxx',
'host':'api-xxxxxxxx.duosecurity.com',
'user_id':'xxx',
'group_id':'xxx'
}"
ARGS
ikey - integration key
skey - secret key
host - admin api url
user_id - User ID
group_id - Group ID
Returns nothing
"""
#!/usr/bin/python
from __future__ import absolute_import
from __future__ import print_function
import pprint
import sys
import json
import duo_client
from six.moves import input
#jsonData = json.loads(sys.argv[1].replace("'", '"'))
#print(str(data))
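# Positional arguments, in the order the workflow activity passes them.
_ARG_NAMES = ("ikey", "skey", "host", "user_id", "group_id")

# Fail closed on an unexpected argument count. The caller assembles this
# command line by string concatenation, so an empty or space-containing value
# would shift later arguments, and a shifted value here would put a user into
# a group that nobody selected.
if len(sys.argv) != len(_ARG_NAMES) + 1:
    sys.exit("usage: add_user_to_group.py " + " ".join(_ARG_NAMES))

# NOTE(review): the Admin API secret key arrives as argv[2], so it is visible
# in the host's process listing and in any log or queue record that stores the
# command line. Prefer reading it from an access-restricted file or an
# environment variable on the host that runs this script.
IKEY, SKEY, HOST, USERID, GROUPID = sys.argv[1:]

# Admin API client authenticated with the integration key / secret key pair.
admin_api = duo_client.Admin(
    ikey=IKEY,
    skey=SKEY,
    host=HOST,
)

# Add the existing user to the existing group; nothing is printed.
admin_api.add_user_group(
    user_id=USERID,
    group_id=GROUPID,
)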
Workflow Activity to execute Python Script:
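// Values handed to add_user_to_group.py, in the order the script expects.
// 'xxx' is a placeholder: do not paste the real Admin API keys into the
// workflow script, where anyone who can read the workflow can read them.
// Load them from an access-restricted, encrypted store instead.
// user_id is the value an earlier activity stored on the workflow scratchpad.
var dataObj = {
    'ikey': 'xxx',
    'skey': 'xxx',
    'host': 'api-xxx.duosecurity.com',
    'user_id': workflow.scratchpad.user_id,
    'group_id': 'xxx'
};

var filePath = "scripts\\Python\\DUO\\add_user_to_group.py";

// These values end up inside a command line that is executed on the MID
// Server, so they must not be able to close the quoting or be expanded by the
// command interpreter. Rather than trying to escape such characters, refuse
// the value: returns the value wrapped in double quotes, or null when it
// contains a quote, an interpreter metacharacter, a control character, or a
// trailing backslash (which would swallow the closing quote).
function quoteArg(value) {
    var text = "" + value;
    var endsWithBackslash = text.charAt(text.length - 1) === "\\";
    if (/["%!^&|<>$`\x00-\x1f]/.test(text) || endsWithBackslash) {
        return null;
    }
    return '"' + text + '"';
}

var argOrder = ['ikey', 'skey', 'host', 'user_id', 'group_id'];
var quotedArgs = [];
var rejected = [];
for (var i = 0; i < argOrder.length; i++) {
    var quoted = quoteArg(dataObj[argOrder[i]]);
    if (quoted === null) {
        rejected.push(argOrder[i]);
    } else {
        quotedArgs.push(quoted);
    }
}

if (rejected.length > 0) {
    // Report only the field names, never the values (one of them is the secret key).
    current.work_notes = "DUO add user to group: command not run, unsafe characters in: " + rejected.join(", ");
    activity.result = "failed";
} else {
    var commandLine = "python " + filePath + " " + quotedArgs.join(" ");
    var eccResponse = new CommandProbe(gs.getProperty("mid.server.rba_default"), "127.0.0.1").execute(true, commandLine);

    var retObj = new Object();
    retObj.output = JSON.stringify(eccResponse.output).replace("\n", "");
    retObj.error = eccResponse.error;

    if (retObj.error) {
        // NOTE(review): confirm the probe's error text never echoes the command
        // line, which carries the secret key, before copying it to work notes.
        current.work_notes = retObj.error;
        activity.result = "failed";
    } else {
        activity.result = "success";
    }
}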
Regards,
Sachin