## Duo Push authentication

Nuki Hub supports the use of the [Cisco Duo Auth API](https://duo.com/docs/authapi) for Multi-factor authentication (MFA).
Cisco Duo can be used for free with unlimited pushes using Duo Push authentication with the Duo application running on an Android device or iPhone.

## Setup

- Signup for a [free Duo account](https://duo.com/editions-and-pricing/duo-free) at https://signup.duo.com/
- Follow the guided Duo setup to create an administrator account
- Optionally add a separate user specifically for Nuki Hub.
- On the user page add a Phone to the user and follow the instructions to setup and authorize the Duo app on an Android device or iPhone.
- In the Duo Admin panel go to "Applications" and select "Protect an Application"
- Search for "Partner Auth API" and click "Protect"
- Optionally change the name to "Nuki Hub" under settings and click "Save"
- Enter the Integration key, Secret key and API hostname on the "Credentials" page of Nuki Hub by using the buttons to copy the unredacted values.
- Enter the username of your Duo user that you want to receive the push notification in the "Duo user" field in Nuki Hub
- Check the box next to "Duo Push authentication enabled"
- Optionally check the box next to "Require Duo Push authentication for all sensitive Nuki Hub operations" to require Duo Push approval on all sensitive Nuki Hub operations (changing/exporting settings)
- Optionally (but very much preferred) set HTTP authentication type to "Form"
- Click "Save"
- Approve the Duo Push notification on your device. Note: If the first authentication after a change to these settings fails or is not approved (in time), MFA will be disabled to prevent a lockout.
- Reboot the Nuki Hub device, logout and confirm that you are required to reauthenticate using Duo Push (and your Nuki Hub username and password)