From 59dc10ba8ba682c4a31ca2f8bf95b8b12ecaeb33 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Fri, 28 Dec 2018 23:59:41 +0100
Subject: [PATCH] Updated MFA Provider Configuration (markdown)

---
 MFA-Provider-Configuration.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/MFA-Provider-Configuration.md b/MFA-Provider-Configuration.md
index f664d97..136b7d0 100644
--- a/MFA-Provider-Configuration.md
+++ b/MFA-Provider-Configuration.md
@@ -6,6 +6,26 @@ attributes:
   <mapping of attributes>
 ```
 
+## Duo
+
+This provider needs a configuration to function correctly:
+
+```yaml
+mfa:
+  duo:
+    # Get your ikey / skey / host from  https://duo.com/docs/duoweb#first-steps
+    ikey: "<IKEY>"
+    skey: "<SKEY>"
+    host: "<API HOST>"
+    user_agent: "nginx-sso"
+```
+
+The corresponding expected MFA configuration is as following:
+
+```yaml
+provider: duo
+```
+
 ## Google Authenticator / TOTP (`google`)
 
 The provider name here is `google` while the only supported argument at the moment is `secret`. The secret is what you need to provide to your users for them to add the config to their authenticator. (It MUST be base32 encoded!)