Implementing Two-Factor Authentication for Enterprise Applications

How we used Duo to help a client make its apps more secure

Overview

MyWorkDrive, an enterprise cloud file sharing service, was looking for a two-factor authentication platform that could be implemented within their custom code, which included web, native Windows, and Android and iOS mobile applications.

Challenge

Because the solution had to work with a variety of client types, we needed a centralized REST API that each interface could connect to in order to authenticate with Duo.

1. Conceptual Development

We evaluated a number of solutions on the market, such as Twilio, Authy, and Duo, and after an evaluation and proof of concept stage settled on Duo.

2. Our Approach

While Duo does provide a number of useful libraries for web-based applications, we had to design our own REST API to support mobile and native Windows applications.
The first step in the process was to create the REST web service API. Once this was completed and tested, we moved on to creating the authentication UI mechanism for both the Windows and mobile applications.

3. Prototyping and Iteration

Once our APIs were completed, we updated the mobile applications to implement them. Then we tested each function of the Duo two-factor authentication on iOS and Android devices, including two-factor authentication responses by phone call, SMS, and Duo app push. During this process, all bugs were fixed, and we were able to confirm functionality for each client and push out the solution.

After completion, we had increased the security of the application by adding a second layer of authentication to the login process. By using Duo, we were able to present this feature in a convenient user interface.