Integrating Duo with BetterCloud



When integrating a new application with your BetterCloud instance, the overall installation process is consistent. However, each integration is different, and may require varying levels and types of authentication. This article provides instructions for configuring and collecting all the information you need in order to add the Duo integration in BetterCloud.

BetterCloud uses Basic and HMAC Authentication to integrate with Duo. When adding this integration you must enter the following information:

  • duoHostname
  • duoAdminIntegrationKey
  • duoAdminSecretKey
  • duoAuthIntegrationKey
  • duoAuthSecretKey
  • bcApiToken
  • bcGoogleConnectorId

*Please note the following important requirements:

  • You must contact Duo Support in order to enable access to the Duo Admin API before you will be able to take the following steps and integrate Duo with BetterCloud.
  • In order to manage the Admin API application, you must also be assigned to an Owner role in Duo.
  • The Admin API is only available to Duo Beyond, Duo Access, and Duo MFA plan customers. Read more here.
  • The bcApiToken field will currently require the ability to generate BetterCloud API tokens. This field is optional for all Duo actions besides Create and Send Bypass codes.
  • The bcGoogleConnectorId field is optional for all Duo actions besides Create and Send Bypass codes.

Hostname, Admin Integration Key, and Admin Secret Key

In order to find your unique hostname and your admin integration key and secret, please follow the steps below:

In Duo, select “Applications,” then “Protect an Application.”

Select the Admin API.

This page contains your admin integration key, secret key, and your API hostname all in one place.

The integration key and secret key will be random strings of numbers and letters, while the API hostname will typically be in the format Copy these values into the appropriate fields in your integration’s settings.

Before saving your Admin API settings, be sure to scroll down and grant the "administrators", "read resource", "read information," and "write resource" permissions to your API key (the "Grant administrators" permission is required for the Remove Admin action - if it is not granted, this action will fail).


Auth Integration Key and Auth Secret Key

In Duo, navigate to “Applications” > “Protect an Application.”

Select the Auth API.


Your integration key and secret key will appear under the Details section. Copy these values into the authIntegrationKey and authSecretKey fields.

BC API Token

A BetterCloud API token is required to use the Create and Send Bypass codes action. To generate this token, navigate to “BetterCloud APIs” > “API Token” from the left menu. Click “Create” to create a new token.

You will need to provide a name for your new token before creating it.

Copy your API token to your clipboard, as you will not be able to view it again.


BC Google Connector ID

Finally, a BetterCloud Google Connector ID is also required to use the Create and Send Bypass codes action.

The easiest way to find this ID is to navigate to the "Installed" tab of the Integration Center, and click on your Google integration.


Check the resulting URL on the integration's details page. Copy the ID at the end of the URL into the bcGoogleConnectorId field.


Once you have successfully added the integration, all of the information you have provided will be available as encrypted environment variables in your integration, and can be updated at any time.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request