Duo Schema¶
DuoApiHost¶
Represents a Duo API Host to conain Duo resources.
Field |
Description |
---|---|
firstseen |
Timestamp of when a sync job first discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The hostname |
Relationships¶
An DuoApiHost contains DuoUsers
(DuoApiHost)-[RESOURCE]->(DuoUser)
An DuoApiHost contains DuoGroups
(DuoApiHost)-[RESOURCE]->(DuoGroup)
An DuoApiHost contains DuoEndpoints
(DuoApiHost)-[RESOURCE]->(DuoEndpoint)
An DuoApiHost contains DuoPhones
(DuoApiHost)-[RESOURCE]->(DuoPhone)
An DuoApiHost contains DuoTokens
(DuoApiHost)-[RESOURCE]->(DuoToken)
An DuoApiHost contains DuoWebAuthnCredentials
(DuoApiHost)-[RESOURCE]->(DuoWebAuthnCredential)
DuoGroup¶
Represents a group in Duo.
Field |
Description |
---|---|
firstseen |
Timestamp of when a sync job first discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The user_id |
desc |
The group’s description. |
group_id |
The group’s ID. |
mobile_otp_enabled |
Legacy parameter; no effect if specified and always returns false. |
name |
The group’s name. If managed by directory sync, then the name returned here also indicates the source directory. |
push_enabled |
Legacy parameter; no effect if specified and always returns false. |
sms_enabled |
Legacy parameter; no effect if specified and always returns false |
status |
The group’s authentication status. May be one of: “Active”, “Bypass”, “Disabled” |
voice_enabled |
Legacy parameter; no effect if specified and always returns false |
Relationships¶
An DuoApiHost contains DuoGroups
(DuoApiHost)-[RESOURCE]->(DuoGroup)
A DuoUser is part of multiple DuoGroups.
(DuoUser)-[MEMBER_OF_DUO_GROUP]->(DuoGroup)
DuoUser¶
Represents a user in Duo.
Field |
Description |
---|---|
firstseen |
Timestamp of when a sync job first discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The user_id |
alias1 |
The user’s username alias1. |
alias2 |
The user’s username alias2. |
alias3 |
The user’s username alias3. |
alias4 |
The user’s username alias4. |
aliases |
Map of the user’s username alias(es). Up to eight aliases may exist. |
created |
The user’s creation date as a UNIX timestamp. |
The user’s email address. |
|
firstname |
The user’s given name. |
groups |
List of groups to which this user belongs. See Retrieve Groups for response info. |
is_enrolled |
Is true if the user has a phone, hardware token, U2F token, WebAuthn security key, or other WebAuthn method available for authentication. Otherwise, false. |
last_directory_sync |
An integer indicating the last update to the user via directory sync as a Unix timestamp, or null if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo. |
last_login |
An integer indicating the last time this user logged in, as a Unix timestamp, or null if the user has not logged in. |
lastname |
The user’s surname. |
notes |
Notes about this user. Viewable in the Duo Admin Panel. |
realname |
The user’s real name (or full name). |
status |
The user’s status. One of: “active”, “bypass”, “disabled”, “locked out”, “pending deletion”. |
tokens |
A list of tokens that this user can use. A list of JSON strings |
u2f_tokens |
A list of U2F tokens that this user can use. A list of JSON strings |
user_id |
The user’s ID. |
username |
The user’s username. |
webauthncredentials |
A list of WebAuthn authenticators that this user can use. A list of JSON strings |
Relationships¶
An DuoApiHost contains DuoUsers
(DuoApiHost)-[RESOURCE]->(DuoUser)
A DuoUser is part of multiple DuoGroups.
(DuoUser)-[MEMBER_OF_DUO_GROUP]->(DuoGroup)
A DuoUser has multiple DuoEndpoints
(DuoUser)-[HAS_DUO_ENDPOINT]->(DuoEndpoint)
A DuoUser has multiple DuoPhones
(DuoUser)-[HAS_DUO_PHONE]->(DuoPhone)
A DuoUser has multiple DuoTokens
(DuoUser)-[HAS_DUO_TOKEN]->(DuoToken)
A DuoUser has multiple WebAuthnCredentials
(DuoUser)-[HAS_DUO_WEB_AUTHN_CREDENTIAL]->(WebAuthnCredential)
A DuoUser is an identity to a Human
(DuoUser)<-[IDENTITY_DUO]-(Human)
DuoEndpoint¶
Represents a endpoint in Duo.
Field |
Description |
---|---|
firstseen |
Timestamp of when a sync job first discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The epkey |
browsers |
Collected information about all detected browsers on an individual endpoint. A list of JSON strings |
computer_sid |
The machine security identifier of a Windows endpoint. |
cpu_id |
The CPU ID of a Windows endpoint. |
device_id |
Custom device identifier of a Meraki-managed iOS endpoint. Returned for Duo Premier customers only. |
device_identifier |
The unique device attribute value that identifies the endpoint. Returned for Duo Premier customers only. This property will be deprecated in a future release. |
device_identifier_type |
The device attribute used to identify a unique endpoint. One of “hardware_uuid”, “fqdn”, “hardware_serial”, “device_udid”, or none. This property will be deprecated in a future release. |
device_name |
The endpoint’s hostname. |
device_udid |
The unique device identifier for iOS endpoints managed by Workspace ONE, MobileIron Cloud or Core, or Sophos Mobile via certificates. Returned for Duo Premier customers only. |
device_username |
The unique attribute value that identifies the endpoint’s associated user in the management system. Returned for Duo Premier customers only. |
device_username_type |
The management system attribute used to identify the user associated with the unique endpoint. One of “os_username”, “upn”, “username”, “email”, or none. Returned for Duo Premier customers only. |
disk_encryption_status |
The hard drive encryption status of the endpoint as detected by the Duo Device Health app. One of “On”, “Off”, or “Unknown”. |
domain_sid |
The Active Directory domain security identifier for a domain-joined Windows endpoint. Empty if the Windows endpoint is not joined to a domain. |
The email address, if present, of the user associated with an endpoint. |
|
epkey |
The endpoint’s unique identifier. |
firewall_status |
Status of the endpoint’s local firewall as detected by the Duo Device Health app. One of “On”, “Off”, or “Unknown”. |
hardware_uuid |
The universally unique identifier for a Mac endpoint. |
health_app_client_version |
The version of the Duo Device Health app installed on the endpoint. |
health_data_last_collected |
The last time the Duo Device Health app performed a device health check, as a Unix timestamp. |
last_updated |
The last time the endpoint accessed Duo, as a Unix timestamp. |
machine_guid |
The globally unique identifier for a Windows endpoint. |
model |
The device model of a 2FA endpoint. |
os_build |
The endpoint’s operating system build number. |
os_family |
The endpoint’s operating system platform. |
os_version |
The endpoint’s operating system version. |
password_status |
Whether the local admin password is set on the endpoint as detected by the Duo Device Health app. One of “Set”, “Unset”, or “Unknown” |
security_agents |
Information about security agents present on the endpoint as detected by the Duo Device Health app. Returned for Duo Premier customers only. a list of JSON strings |
trusted_endpoint |
Whether the endpoint is a Duo managed endpoint. One of “yes”, “no”, or “unknown”. Returned for Duo Premier customers only. |
type |
The endpoint’s device class. |
username |
The Duo username of the user associated with an endpoint. |
Relationships¶
An DuoApiHost contains DuoEndpoints
(DuoApiHost)-[RESOURCE]->(DuoEndpoint)
A DuoUser has multiple DuoEndpoints
(DuoUser)-[HAS_DUO_ENDPOINT]->(DuoEndpoint)
DuoPhone¶
Represents a phone in Duo.
Field |
Description |
---|---|
firstseen |
Timestamp of when a sync job first discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The phone_id |
activated |
Has this phone been activated for Duo Mobile yet? Either true or false. |
capabilities |
List of strings, each a factor that can be used with the device. Any of “auto”, “push”, “pphone”, “sms”, “mobile_otp” |
encrypted |
The encryption status of an Android or iOS device file system. One of: “Encrypted”, “Unencrypted”, or “Unknown”. Blank for other platforms. |
extension |
An extension, if necessary. |
fingerprint |
Whether an Android or iOS phone is configured for biometric verification. One of: “Configured”, “Disabled”, or “Unknown”. Blank for other platforms. |
last_seen |
An integer indicating the timestamp of the last contact between Duo’s service and the activated Duo Mobile app installed on the phone. Blank if the device has never activated Duo Mobile or if the platform does not support it. |
model |
The phone’s model. |
name |
Free-form label for the phone. |
phone_id |
The phone’s ID. |
platform |
The phone platform. One of: “unknown”, “google android”, “apple ios”, “windows phone 7”, “rim blackberry”, “java j2me”, “palm webos”, “symbian os”, “windows mobile”, or “generic smartphone” |
postdelay |
The time (in seconds) to wait after the extension is dialed and before the speaking the prompt. |
predelay |
The time (in seconds) to wait after the number picks up and before dialing the extension. |
screenlock |
Whether screen lock is enabled on an Android or iOS phone. One of: “Locked”, “Unlocked”, or “Unknown”. Blank for other platforms. |
sms_passcodes_sent |
Have SMS passcodes been sent to this phone? Either true or false. |
tampered |
Whether an iOS or Android device is jailbroken or rooted. One of: “Not Tampered”, “Tampered”, or “Unknown”. Blank for other platforms. |
type |
The type of phone. One of: “unknown”, “mobile”, or “landline”. |
Relationships¶
An DuoApiHost contains DuoPhone
(DuoApiHost)-[RESOURCE]->(DuoPhone)
A DuoUser has multiple DuoPhones
(DuoUser)-[HAS_DUO_PHONE]->(DuoPhone)
DuoToken¶
Represents a token in Duo.
Field |
Description |
---|---|
firstseen |
Timestamp of when a sync job first discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The token_id |
admins |
A list of administrators associated with this hardware token. See Retrieve Administrators for descriptions of the response fields. A list of JSON strings |
serial |
The serial number of the hardware token; used to uniquely identify the hardware token when paired with type. |
token_id |
The hardware token’s unique ID. |
totp_step |
Value is null for all supported token types. |
type |
The type of hardware token. |
Relationships¶
An DuoApiHost contains DuoTokens
(DuoApiHost)-[RESOURCE]->(DuoToken)
A DuoUser has multiple DuoTokens
(DuoUser)-[HAS_DUO_TOKEN]->(DuoToken)
DuoWebAuthnCredential¶
Represents a web authn credential in Duo.
Field |
Description |
---|---|
firstseen |
Timestamp of when a sync job first discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The webauthnkey |
admin |
Selected information about the administrator attached to the WebAuthn credential. Returns null if attached to an end user. Not returned if the API application does not have sufficient permission to manage administrators. A JSON string |
credential_name |
Free-form label for the WebAuthn credential. |
date_added |
The date the WebAuthn credential was registered in Duo. |
label |
Indicates the type of WebAuthn credential. One of: “Security Key” or “Touch ID”. Present when attached to a user. |
webauthnkey |
The WebAuthn credential’s registration identifier. |
Relationships¶
An DuoApiHost contains DuoWebAuthnCredentials
(DuoApiHost)-[RESOURCE]->(DuoWebAuthnCredential)
A DuoUser has multiple DuoWebAuthnCredentials
(DuoUser)-[HAS_DUO_WEB_AUTHN_CREDENTIAL]->(DuoWebAuthnCredential)