Integrating Duo with BetterCloud



When integrating a new application with your BetterCloud instance, the overall installation process is consistent. However, each integration is different, and may require varying levels and types of authentication. This article provides instructions for configuring and collecting all the information you need in order to add the Duo integration in BetterCloud.

BetterCloud uses Basic and HMAC Authentication to integrate with Duo. When adding this integration you must enter the following information:

  • duoHostname
  • duoAdminIntegrationKey
  • duoAdminSecretKey
  • duoAuthIntegrationKey
  • duoAuthSecretKey
  • bcApiToken
  • bcGoogleConnectorId

*Please note the following important requirements:

  • You must contact Duo Support in order to enable access to the Duo Admin API before you will be able to take the following steps and integrate Duo with BetterCloud.
  • In order to manage the Admin API application, you must also be assigned to an Owner role in Duo.
  • The Admin API is only available to Duo Beyond, Duo Access, and Duo MFA plan customers. Read more here.
  • The bcApiToken field will currently require the ability to generate BetterCloud API tokens. This field is optional for all Duo actions besides Create and Send Bypass codes.
  • The bcGoogleConnectorId field requires the ability to query BetterCloud’s GraphQL. This field is optional for all Duo actions besides Create and Send Bypass codes.

Hostname, Admin Integration Key, and Admin Secret Key

In order to find your unique hostname and your admin integration key and secret, please follow the steps below:

In Duo, select “Applications,” then “Protect an Application.”

Select the Admin API.

This page contains your admin integration key, secret key, and your API hostname all in one place.

The integration key and secret key will be random strings of numbers and letters, while the API hostname will typically be in the format Copy these values into the appropriate fields in your integration’s settings.

Before saving your Admin API settings, be sure to scroll down and grant the "read resource" and "write resource" permissions to your API keys.


Auth Integration Key and Auth Secret Key

In Duo, navigate to “Applications” > “Protect an Application.”

Select the Auth API.


Your integration key and secret key will appear under the Details section. Copy these values into the authIntegrationKey and authSecretKey fields.

BC API Token

A BetterCloud API token is required to use the Create and Send Bypass codes action. To generate this token, navigate to “BetterCloud APIs” > “API Token” from the left menu. Click “Create” to create a new token.

You will need to provide a name for your new token before creating it.

Copy your API token to your clipboard, as you will not be able to view it again.


BC Google Connector ID

Finally, a BetterCloud Google Connector ID is also required to use the Create and Send Bypass codes action. You can query the BetterCloud Data Graph to retrieve this ID. To start, go to the BetterCloud Developer Portal, then navigate to “Data Graph” > “Explorer” from the left menu.


Enter and run the following GraphQL query:

bcusers {
accounts {
emails {
provider {

The BC Google Connector ID will be in the response to that query

Once you have successfully added the integration, all of the information you have provided will be available as encrypted environment variables in your integration, and can be updated at any time.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request