Duo Identity Verification Crate

If you’re new to Crates, read through our introductory Crate documentation here. Find the Crate in our Crate Marketplace.

What does the Duo Identity Verification Crate do?

Our Duo Identity Verification Crate enables Duo identity verification when a user submits a ticket.

How the Crate works

The Crate's workflow adds an internal note with a verification link when a ticket is created in your PSA.
When a technician clicks the link, a Duo request is sent to the user who submitted the ticket.
The user’s first and last name must match the user's name in Duo.
The user will see the following in their duo request: Verification is required for the ticket you submitted: "Ticket Title".
The ticket note will result in one of the following outcomes:
- Approved: "username" has verified this ticket.
- Timed out: A note states the request timed out and provides a new verification link.
- Denied: "username" has denied approval. A new link is provided if needed.

Workflow breakdown

The workflow begins with the START task using the noop action, which evaluates the incoming data to determine the PSA system being used.
If the organization uses Datto PSA and a contact ID is present, the workflow executes the datto_get_contact task using the Get Contact v2 action to retrieve contact information from Datto PSA.
If the organization uses Freshdesk and a requester ID is present, the workflow executes the freshdesk_get_contact task using the Get Contact action to retrieve contact information from Freshdesk.
For other PSA systems or when no specific contact retrieval is needed, the workflow proceeds directly to the set_variables task using the noop action to normalize and set ticket variables.
The set_variables task processes incoming data differently based on whether it came from a GET request or a ticket webhook, extracting ticket ID, contact name, ticket summary, and company ID information.
The input_variable_checks task using the noop action validates that all required variables are present, including ticket ID, first name, last name, company ID, and ticket summary.
Upon successful validation, the get_org_id task uses the List Organization Variables action to find the appropriate Rewst organization ID based on the company ID and retrieve the Duo account ID.
The list_triggers task uses the List Triggers action to find the Duo Identity Verification Webhook trigger and construct a webhook URL for future verification requests.
Depending on the PSA system and configuration, the workflow may execute the update_ticket task using the PSA: Update Ticket action to add an internal note with the verification link to the ticket.
If ConnectWise PSA is being used with pod functionality enabled, the rewst_associate_external_object task uses the Associate External Object action to link the ticket with the workflow execution.
The initial_pod_request task uses the Create Pod Confirmation action to display a verification button in the ConnectWise PSA pod interface and waits for user interaction.
When the verification button is clicked, the list_duo_users task uses the List Users action to retrieve all users from the Duo account.
The duo_pre_checks task using the noop action matches the ticket contact's first and last name against Duo users to find exactly one matching user.
If exactly one user is matched, the duo_send task uses the Send Duo Authentication action to send a push notification to the user's device requesting verification for the specific ticket.
Based on the Duo response, the update_ticket_duo_response task uses the PSA: Update Ticket action to add a note indicating whether the user approved, denied, or timed out on the verification request.
If the verification was not approved and pod functionality is enabled, the workflow may create another pod with the verification link for future attempts.
Any task failures throughout the workflow are caught by the failure_catch task using the noop action, which routes to the end of the workflow.

Crate prerequisites

Your PSA must be successfully integrated with Rewst. This Crate works with the following PSAs only:

Duo integration must successfully be set up with Rewst.

Unpack the Duo Identity Verification Crate

Navigate to Crates > Crate Marketplace in the left side menu Rewst platform.
Search for Duo Identity Verification.
Click on the Crate tile to begin unpacking.
Click Unpack Crate.
Click Continue.
Ensure that Enabled is toggled on for Cron Job under Configure Triggers. Note that you have the option under the accordion menu of the trigger to activate the Crate for all future organizations in addition to the current one. You may also set the trigger criteria or integration overrides.
Click Unpack.

Test the Crate

Create a ticket in your PSA. Ensure the contact associated with the ticket matches the first and last name of the user in Duo.
Once the ticket is created, it will add a note— or POD, if enabled— with a link that states, Please click the following link to verify the identity of this ticket.
Click the link to send a Duo request to the contact associated with the ticket. Note that this will only work if the first and last name match.
1. If it is approved via Duo, a note will be created stating: The User has verified this ticket.
2. If you don't respond in time, a note will be created stating: The Duo authentication request for user {{CTX.user_id}} has timed out. To request another verfication from {{ CTX.user_id }} please click the following link
3. If you select deny, a note will be created stating: The user has denied approval. To request another verfication from {{ CTX.user_id }} please click the following link

Got an idea for a new Crate? Rewst is constantly adding new Crates to our Crate Marketplace. Submit your idea or upvote existing ideas here in our Canny feedback collector.

PreviousDropsuite: New Account Crate NextEnable / Disable Mailbox Forwarding Crate

Last updated 3 days ago

Was this helpful?