Additional Contributors: David Keller
At Black Hat Europe 2024, Cisco Duo established itself as the multifactor authentication (MFA) and single sign-on (SSO) provider for the Network Operations Center (NOC), serving as the central application portal for NOC members to access their applications via Duo Central. During the Black Hat Europe show, we piloted Duo Directory and, with the successful testing there, we did a full deployment at Black Hat Asia 2025. Since this was before the official launch, we couldn't blog about the IdP (Identity Provider) portion of Duo yet, but it was extremely successful in the private preview, and we expanded the deployment from 20-30 users in Asia to 100+ at Black Hat USA 2025.
Building on that foundation, our deployment at Black Hat USA 2025 evolved to deliver a more comprehensive and secure identity and access management experience for both users and administrators. Black Hat was the first customer of Duo Directory (check out the announcement vidcast: See What Attackers Will Hate & Users Will Love), with a successful proof of value at Black Hat Asia 2025 as a beta customer. At Black Hat USA 2025, we expanded the SSO access to Endace.
While Duo previously functioned primarily as an MFA and SSO provider, the introduction of Duo Directory in mid-2025 allowed us to take our user management to the next level at Black Hat USA 2025. Duo's intuitive IAM (Identity and Access Management) gave us control over primary authentication, including user password management directly within Duo. Leveraging the new Global Enrollment Policy, we required users to set their passwords as part of the standard Duo onboarding workflow, as seen in the screenshots below, simplifying the process and reducing friction for new users. Administrators can also set up authentication to another authentication source if they'd prefer, rather than using an enrollment code, during the setup process.
Group membership directly determined which applications appeared in Duo Central, ensuring users only saw the resources they were authorized to access, eliminating confusion and enhancing security.
Administrative Units, a net-new addition at Black Hat USA 2025, were fully embraced by the NOC leadership. They enabled each NOC service provider to manage their own users and applications independently. For example, administrators assigned to the "Arista" Administrative Unit could manage the "Arista Admins" group and configure the Arista application's access policies and settings, empowering partners to implement zero trust access for their own resources.
Now, administrators could be restricted not only by Administrative Unit but also by access scope, such as limiting their visibility to Reporting related to their applications and users. For instance, an Arista administrator with the Security Analyst Role could manage Arista users, while also viewing logs and reports, without overreaching into other applications or user groups.
Here's a quick overview of the key improvements:
Feature | Black Hat Europe | Black Hat Asia '25 | Black Hat USA '25 |
---|---|---|---|
Duo as IdP & SSO | No | Yes | Yes |
Duo Directory | Tested/Piloted | Full authoritative source | Full authoritative source |
Global Enrollment Policy | Required for onboarding | Required for onboarding | Required for onboarding |
Admin Units & Roles | | | Fine-grained delegation |
Identity Intelligence | Tested | Validated | Extended with reporting |
Zero Trust Controls | Role-based | Role-based | Advanced, Role-based |
By building on our experience from Black Hat Asia 2025, we delivered a more robust, flexible, and user-friendly identity experience at Black Hat USA 2025. The combination of Duo Directory, group-based access, and granular administrative controls enabled a true zero trust environment, one where every partner had the autonomy and security they needed.
To learn more about our approach and see the evolution from Asia to USA, check out the Black Hat Asia 2025: Identity Intelligence blog post.
Interested in how Cisco Duo can help your organization achieve zero trust? Reach out or explore more at Duo's website.
Duo Invitation Process for the Black Hat NOC
The invitation process for Duo with the Duo IdP is not the easiest to do when you have a new user you need to onboard. Ideally you are using their company email address as the primary email of their Duo Directory account. But if this is a new person, how do you invite them when they don't have access to their email? I needed to solve this conundrum so I wouldn't have to manually send out email invitations to 100 new users. One option is to add their phone number to the profile and send out an invitation via text. But this seems unprofessional and not official to a new employee.
That leaves sending out an invitation via email, but how, since the email would end up in their company mailbox? So, I got to creating a Python script and doing much testing over a few days. The first thing I did was test if I could send out an invitation to the external email address of the user and then change the email to the company email address. Would this still allow the enrollment to take place?
The answer is yes! Enrollment can still happen if the email address is changed. This gave me what I needed to script out what I would do. I would get all the users, make a JSON body that I could use with the Duo API, create the new users with the company email in another field besides the primary, use their external email as the primary, send the invite out to the primary email, then edit the user and swap the two emails to what they should be.
I was provided with an Excel file of everyone that was to be working in the NOC, so I first converted that into a CSV for easier processing in Python. Then, using the format given, I made a few example users using my own email address and the + trick. Then I got to coding.
I pull out the First Name, Last Name, email address, and company the user has in the sheet, then build an internal email address for each user. After that is done, I use the Duo API to check if any of the users already exist and remove them from the JSON, so they don't cause any errors or get duplicated. After this has been done, I build the JSON for each individual user in the format Duo expects and then loop through them to get them created.
Note: You can bulk create users, but you can't set custom attributes using the bulk create. This is why I need to loop through the users and create them individually, so a custom attribute can be used.
As the user ID of each created user is returned from the API, I store them in a new JSON body so I can go back and change their email addresses around later. After all the users are created, I use the Enrollment API to send out the Duo invitations and then immediately update their email from their external email to the company email.
After all the users have had their enrollment link sent and their emails updated, I then send another email to them explaining the enrollment process and what to look for. You can check out the code in GitHub. I've made the script a bit more useful for other people than for just my own use case, so go ahead and use it, update it, and customize it to your needs.
The second script I needed to make was a way to update all the users' groups. It gets all the users in Duo, checks the company/department they're a part of, and then updates their groups based on an object/dictionary with all the correct groups they should be in. You can find that script in GitHub.
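The create, invite, then swap-emails flow described in the paragraphs above, as an added example that is not the author's GitHub script: it runs against an offline stand-in for the Duo Admin API client, so the ordering of the steps and the skip-if-already-exists check can be verified without credentials. The client method names, the CSV column names, the internal-email convention and the sample roster are all assumptions.

```python
import csv
import io
import re
# Constructed roster standing in for the NOC spreadsheet exported to CSV; the column names are assumed.
ROSTER_CSV = """First Name,Last Name,Email,Company
Ada,Lovelace,ada@personal.example,Arista
Alan,Turing,alan@personal.example,Endace
Ada,Lovelace,ada@personal.example,Arista
"""

def internal_email(first, last, company):
    # Assumed convention for the company address; the post does not give the real format.
    slug = re.sub(r"[^a-z]", "", company.lower())
    return f"{first}.{last}@{slug}.example".lower()

class FakeDuoAdmin:
    """Offline stand-in for the Duo Admin API client; the method names are assumed, not Duo's."""
    def __init__(self, existing_emails=()):
        self.users = {}        # user_id -> record
        self.enroll_sent = []  # (user_id, email the invitation went to), in send order
        for email in existing_emails:
            self.add_user(email, email, "", "", "")
    def get_users(self):
        return list(self.users.values())
    def add_user(self, username, email, firstname, lastname, alias1):
        uid = f"DU{len(self.users) + 1:04d}"  # constructed user_id
        self.users[uid] = {"user_id": uid, "username": username, "email": email,
                           "firstname": firstname, "lastname": lastname, "alias1": alias1}
        return uid
    def enroll_user(self, uid):
        self.enroll_sent.append((uid, self.users[uid]["email"]))
    def update_user(self, uid, **fields):
        self.users[uid].update(fields)

def onboard(admin, roster_csv):
    """Create only the missing users, invite each at the external address, then swap the emails."""
    known = {v for u in admin.get_users() for v in (u["email"], u["alias1"]) if v}
    created = {}  # user_id -> (external email, company email), kept for the swap step
    for row in csv.DictReader(io.StringIO(roster_csv)):
        company_email = internal_email(row["First Name"], row["Last Name"], row["Company"])
        if company_email in known or row["Email"] in known:
            continue  # already in Duo (or a duplicate row): skip rather than error or duplicate
        known.add(company_email)
        # Primary email = external address so the invite lands in a mailbox the new hire can read;
        # the company address rides along in a secondary field until the invitation has been sent.
        uid = admin.add_user(company_email, row["Email"], row["First Name"], row["Last Name"], company_email)
        created[uid] = (row["Email"], company_email)
    for uid, (external, company_email) in created.items():
        admin.enroll_user(uid)  # invitation goes to the current primary, i.e. the external address
        admin.update_user(uid, email=company_email, alias1=external)  # now make the company email primary
    return created
```

Running `onboard` a second time against the same client creates nothing, because both the company and the external addresses are now known to the directory.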
About Black Hat
Black Hat is the cybersecurity industry's most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, the Middle East and Africa, and Asia. For more information, please visit the Black Hat website.