Skip to main content

What Living Security needs

Scopes: Read log access + Read resource access Required role: Owner (to create Admin API applications)
The secret key is the HMAC-SHA1 signing key used to authenticate every API request — it is not a plain bearer token. Both the integration key and secret key are required.

Prerequisites

  • You must be signed in to the Duo Admin Panel with the Owner role. Only Owners can create or modify Admin API applications.

Part A — In Duo Admin Panel

Your Duo administrator completes these steps.
1

Navigate to the Application Catalog

  1. Sign in to your Duo Admin Panel.
  2. In the left navigation, click Applications, then select Application Catalog.
  3. Search for Admin API, then click + Add.
2

Name your Admin API application

Give the application a descriptive name (e.g., Living Security Platform).
3

Grant the required permissions

Enable the following permission grants:
Grant only these permissions. Do not enable Write permissions — they are not required.
If syncs return a 403 error after connecting, the application is missing a permission grant. Duo does not allow editing grants after creation — you must delete the application and create a new one with the correct grants.
4

(Optional) Restrict network access

Under Networks for API Access, you may optionally enter IP addresses or CIDR ranges allowed to call this Admin API application.
Contact your Living Security Customer Success Manager for current egress IP ranges if you want to restrict network access.
5

Save and copy your credentials

After saving, Duo displays:Copy the API hostname exactly as shown — no https:// prefix, no trailing slash.
Treat the secret key like a password. If lost, it cannot be retrieved — you must regenerate it or recreate the application.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to Duo Admin.

Troubleshooting

The secret key is invalid or the HMAC-SHA1 signature failed. Verify:
  1. The secret key was copied correctly (no extra spaces)
  2. The integration key matches the secret key from the same application
  3. The API hostname is correct
The application is missing one of the required permission grants (read log or read resource). Duo does not allow editing grants after creation — delete the application and create a new one with both grants enabled.
If IP restrictions are configured on the Admin API application, verify Living Security’s egress IP ranges are included. Contact support for current IP ranges.
The connection dialog’s API key field expects the Duo secret key (skey), not the integration key. The secret key is used for HMAC-SHA1 request signing.
Enter only the hostname (e.g., api-XXXXXXXX.duosecurity.com). Do not include https:// or a trailing slash.