Book Demo!

˂ Return to FAQ

New Xton Documentation Center
Xton help has moved. Please visit the current version of this page for the most recent updates. Our new documentation center can be found at

Duo Security MFA – How to Configure in XTAM

If you are already a user of Duo Security Multi-factor or Two-factor authentication and would like to configure XTAM to use Duo, then please perform the following steps. Please note that you will need to be able to access and modify files on the XTAM host computer. Contact your XTAM System Administrator for assistance.

Pre-requisite: XTAM must be deployed with and configured to use its Federated Sign-In component in order to integrate with multi-factor authentication providers.

The XTAM integration with Duo does not use the native Duo user directory; Duo Directory Sync is required. User accounts are first authenticated against XTAM (using AD or Local users) and then the second authentication is done solely through Duo.


Log on to the XTAM host computer.


Open the file $XTAM_HOME/web/conf/


Uncomment the following line only when a single global MFA for the entire XTAM is desired:


If you wish to enable different MFA providers for individual users or group, please read this article for additional information.


Edit the following lines by replacing the bolded values with your specific Duo configuration parameters:

To generate the required keys in Duo, please refer to this Duo guide which describes how to create the Auth API application (steps 1-3).


Use your same Duo Secret Key for both the cas.authn.mfa.duo[0].duoSecretKey= and cas.authn.mfa.duo[0].duoApplicationKey= parameters in the above configuration.


When complete, save and close this file.


Restart the service PamManagement

Once configured, refer to the following FAQ article Duo Security MFA – How to Login to Xton Access Manager as a User for steps on how to use Duo MFA with XTAM from an end user’s perspective.


Copyright © 2020 Xton Technologies, LLC. All rights reserved.