# Duo Identity Verification Crate {% hint style="info" %} If you’re new to Crates, read through our introductory Crate documentation [here](https://docs.rewst.help/prebuilt-automations/crates). Find the Crate in our Crate Marketplace. {% endhint %} ## What does the Duo Identity Verification Crate do? Our Duo Identity Verification Crate enables Duo identity verification when a user submits a ticket. ### How the Crate works * The Crate's workflow adds an internal note with a verification link when a ticket is created in your PSA. * When a technician clicks the link, a Duo request is sent to the user who submitted the ticket. * The user’s first and last name must match the user's name in Duo. * The user will see the following in their duo request: `Verification is required for the ticket you submitted: "Ticket Title".` * The ticket note will result in one of the following outcomes: * **Approved:** `"username" has verified this ticket.` * **Timed out:** A note states the request timed out and provides a new verification link. * **Denied:** `"username" has denied approval.` A new link is provided if needed. ### Workflow breakdown 1. The workflow begins with the **START** task using the **noop** action, which evaluates the incoming data to determine the PSA system being used. 2. If the organization uses Datto PSA and a contact ID is present, the workflow executes the **datto\_get\_contact** task using the **Get Contact v2** action to retrieve contact information from Datto PSA. 3. If the organization uses Freshdesk and a requester ID is present, the workflow executes the **freshdesk\_get\_contact** task using the **Get Contact** action to retrieve contact information from Freshdesk. 4. For other PSA systems or when no specific contact retrieval is needed, the workflow proceeds directly to the **set\_variables** task using the **noop** action to normalize and set ticket variables. 5. The **set\_variables** task processes incoming data differently based on whether it came from a GET request or a ticket webhook, extracting ticket ID, contact name, ticket summary, and company ID information. 6. The **input\_variable\_checks** task using the **noop** action validates that all required variables are present, including ticket ID, first name, last name, company ID, and ticket summary. 7. Upon successful validation, the **get\_org\_id** task uses the **List Organization Variables** action to find the appropriate Rewst organization ID based on the company ID and retrieve the Duo account ID. 8. The **list\_triggers** task uses the **List Triggers** action to find the Duo Identity Verification Webhook trigger and construct a webhook URL for future verification requests. 9. Depending on the PSA system and configuration, the workflow may execute the **update\_ticket** task using the **PSA: Update Ticket** action to add an internal note with the verification link to the ticket. 10. If ConnectWise PSA is being used with pod functionality enabled, the **rewst\_associate\_external\_object** task uses the **Associate External Object** action to link the ticket with the workflow execution. 11. The **initial\_pod\_request** task uses the **Create Pod Confirmation** action to display a verification button in the ConnectWise PSA pod interface and waits for user interaction. 12. When the verification button is clicked, the **list\_duo\_users** task uses the **List Users** action to retrieve all users from the Duo account. 13. The **duo\_pre\_checks** task using the **noop** action matches the ticket contact's first and last name against Duo users to find exactly one matching user. 14. If exactly one user is matched, the **duo\_send** task uses the **Send Duo Authentication** action to send a push notification to the user's device requesting verification for the specific ticket. 15. Based on the Duo response, the **update\_ticket\_duo\_response** task uses the **PSA: Update Ticket** action to add a note indicating whether the user approved, denied, or timed out on the verification request. 16. If the verification was not approved and pod functionality is enabled, the workflow may create another pod with the verification link for future attempts. 17. Any task failures throughout the workflow are caught by the **failure\_catch** task using the **noop** action, which routes to the end of the workflow. ## Crate prerequisites Your [PSA must be successfully integrated](/documentation/integrations/top-5-integration-types-get-started-with-integrations-in-rewst.md#psa-integrations) with Rewst. This Crate works with the following PSAs only: * [ConnectWise PSA](/documentation/integrations/integration-guides/connectwise-integration-setup.md) - Pods are supported. * [Datto PSA](/documentation/automations/kits/datto-psa-integration-kit.md) * [Halo PSA](/documentation/automations/kits/halo-psa-integration-kit.md) * [Kaseya BMS](/documentation/integrations/integration-guides/kaseya-bms-integration-setup.md) * [Freshdesk](/documentation/integrations/integration-guides/freshdesk-integration-setup.md) [Duo](/documentation/integrations/integration-guides/duo-integration-setup.md) integration must successfully be set up with Rewst. ## Unpack the Duo Identity Verification Crate 1. Navigate to **Marketplace > Crates** in the left side menu Rewst platform. 2. Search for `Duo Identity Verification`.​\ \ ![](/files/WlqzGEGhaSpkvEpkQBLP) 3. Click on the Crate tile to begin unpacking. 4. Click **Unpack Crate**. 5. Click **Continue**. 6. Ensure that **Enabled** is toggled on for **Cron Job** under **Configure Triggers**. Note that you have the option under the accordion menu of the trigger to activate the Crate for all future organizations in addition to the current one. You may also set the [trigger criteria](/documentation/automations/intro-to-triggers/trigger-criteria.md) or [integration overrides](/documentation/automations/intro-to-triggers.md). 7. Click **Unpack**. ### Test the Crate 1. Create a ticket in your PSA. Ensure the contact associated with the ticket matches the first and last name of the user in Duo. 2. Once the ticket is created, it will add a note— or POD, if enabled— with a link that states, `Please click the following link to verify the identity of this ticket`. 3. Click the link to send a Duo request to the contact associated with the ticket. Note that this will only work if the first and last name match. 1. If it is approved via Duo, a note will be created stating:\ `The User has verified this ticket.` 2. If you don't respond in time, a note will be created stating:\ `The Duo authentication request for user {{CTX.user_id}} has timed out. To request another verfication from {{ CTX.user_id }} please click the following link` 3. If you select deny, a note will be created stating:\ `The user has denied approval.`\ `To request another verfication from {{ CTX.user_id }} please click the following link` {% hint style="info" %} Got an idea for a new Crate? Rewst is constantly adding new Crates to our Crate Marketplace. Submit your idea or upvote existing ideas here in our [Canny feedback collector](https://rewst.canny.io/crates). {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.rewst.help/documentation/crates/existing-crate-documentation/duo-identity-verification-crate.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.