naftiko: 1.0.0-alpha2 info: label: Duo Admin API description: The Duo Admin API provides programmatic access to the administrative functionality of Duo Security for managing users, groups, phones, hardware tokens, WebAuthn credentials, integrations, and bypass codes. Requests are authenticated using HMAC-SHA1 signed HTTP Basic credentials derived from your integration key and secret key. tags: - Duo - Security - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: duo-security baseUri: https://api-XXXXXXXX.duosecurity.com description: Duo Admin API HTTP API. authentication: type: basic username: '{{DUO_SECURITY_USERNAME}}' password: '{{DUO_SECURITY_PASSWORD}}' resources: - name: admin-v1-users path: /admin/v1/users operations: - name: listusers method: GET description: List users inputParameters: - name: username in: query type: string - name: limit in: query type: integer - name: offset in: query type: integer outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createuser method: POST description: Create user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-bulk-create path: /admin/v1/users/bulk_create operations: - name: bulkcreateusers method: POST description: Bulk create users outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-bulk-restore path: /admin/v1/users/bulk_restore operations: - name: bulkrestoreusers method: POST description: Bulk restore users outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-bulk-send-to-trash path: /admin/v1/users/bulk_send_to_trash operations: - name: bulksenduserstotrash method: POST description: Bulk send users to Trash outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id path: /admin/v1/users/{user_id} operations: - name: getuser method: GET description: Get user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateuser method: POST description: Update user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteuser method: DELETE description: Delete user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-enroll path: /admin/v1/users/enroll operations: - name: enrolluser method: POST description: Enroll user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-bypass-codes path: /admin/v1/users/{user_id}/bypass_codes operations: - name: listuserbypasscodes method: GET description: List user bypass codes outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createuserbypasscodes method: POST description: Generate bypass codes outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-groups path: /admin/v1/users/{user_id}/groups operations: - name: listusergroups method: GET description: List user groups outputRawFormat: json outputParameters: - name: result type: object value: $. - name: associateusergroup method: POST description: Associate group with user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-groups-group-id path: /admin/v1/users/{user_id}/groups/{group_id} operations: - name: disassociateusergroup method: DELETE description: Disassociate group from user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-phones path: /admin/v1/users/{user_id}/phones operations: - name: listuserphones method: GET description: List user phones outputRawFormat: json outputParameters: - name: result type: object value: $. - name: associateuserphone method: POST description: Associate phone with user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-phones-phone-id path: /admin/v1/users/{user_id}/phones/{phone_id} operations: - name: disassociateuserphone method: DELETE description: Disassociate phone from user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-tokens path: /admin/v1/users/{user_id}/tokens operations: - name: listusertokens method: GET description: List user hardware tokens outputRawFormat: json outputParameters: - name: result type: object value: $. - name: associateusertoken method: POST description: Associate hardware token with user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-tokens-token-id path: /admin/v1/users/{user_id}/tokens/{token_id} operations: - name: disassociateusertoken method: DELETE description: Disassociate hardware token from user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-webauthncredentials path: /admin/v1/users/{user_id}/webauthncredentials operations: - name: listuserwebauthncredentials method: GET description: List WebAuthn credentials for user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-desktopauthenticators path: /admin/v1/users/{user_id}/desktopauthenticators operations: - name: listuserdesktopauthenticators method: GET description: List desktop authenticators for user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-directorysync path: /admin/v1/users/directorysync operations: - name: listuserdirectorysyncs method: GET description: List user directory syncs outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-directorysync-directory-key-syncu path: /admin/v1/users/directorysync/{directory_key}/syncuser operations: - name: syncdirectoryuser method: POST description: Sync directory user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-send-verification-push path: /admin/v1/users/{user_id}/send_verification_push operations: - name: sendverificationpush method: POST description: Send verification Duo Push outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-users-user-id-verification-push-respons path: /admin/v1/users/{user_id}/verification_push_response operations: - name: getverificationpushresponse method: GET description: Retrieve verification push result outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-groups path: /admin/v1/groups operations: - name: listgroups method: GET description: List groups outputRawFormat: json outputParameters: - name: result type: object value: $. - name: creategroup method: POST description: Create group outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-groups-group-id path: /admin/v1/groups/{group_id} operations: - name: updategroup method: POST description: Update group outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v2-groups-group-id path: /admin/v2/groups/{group_id} operations: - name: getgroupv2 method: GET description: Get group (v2) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v2-groups-group-id-users path: /admin/v2/groups/{group_id}/users operations: - name: listgroupusersv2 method: GET description: List group users (v2) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: admin-v1-bulk path: /admin/v1/bulk operations: - name: bulkoperations method: POST description: Bulk operations outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: duo-security-rest description: REST adapter for Duo Admin API. resources: - path: /admin/v1/users name: listusers operations: - method: GET name: listusers description: List users call: duo-security.listusers outputParameters: - type: object mapping: $. - path: /admin/v1/users name: createuser operations: - method: POST name: createuser description: Create user call: duo-security.createuser outputParameters: - type: object mapping: $. - path: /admin/v1/users/bulk_create name: bulkcreateusers operations: - method: POST name: bulkcreateusers description: Bulk create users call: duo-security.bulkcreateusers outputParameters: - type: object mapping: $. - path: /admin/v1/users/bulk_restore name: bulkrestoreusers operations: - method: POST name: bulkrestoreusers description: Bulk restore users call: duo-security.bulkrestoreusers outputParameters: - type: object mapping: $. - path: /admin/v1/users/bulk_send_to_trash name: bulksenduserstotrash operations: - method: POST name: bulksenduserstotrash description: Bulk send users to Trash call: duo-security.bulksenduserstotrash outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id} name: getuser operations: - method: GET name: getuser description: Get user call: duo-security.getuser outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id} name: updateuser operations: - method: POST name: updateuser description: Update user call: duo-security.updateuser outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id} name: deleteuser operations: - method: DELETE name: deleteuser description: Delete user call: duo-security.deleteuser outputParameters: - type: object mapping: $. - path: /admin/v1/users/enroll name: enrolluser operations: - method: POST name: enrolluser description: Enroll user call: duo-security.enrolluser outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/bypass_codes name: listuserbypasscodes operations: - method: GET name: listuserbypasscodes description: List user bypass codes call: duo-security.listuserbypasscodes outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/bypass_codes name: createuserbypasscodes operations: - method: POST name: createuserbypasscodes description: Generate bypass codes call: duo-security.createuserbypasscodes outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/groups name: listusergroups operations: - method: GET name: listusergroups description: List user groups call: duo-security.listusergroups outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/groups name: associateusergroup operations: - method: POST name: associateusergroup description: Associate group with user call: duo-security.associateusergroup outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/groups/{group_id} name: disassociateusergroup operations: - method: DELETE name: disassociateusergroup description: Disassociate group from user call: duo-security.disassociateusergroup outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/phones name: listuserphones operations: - method: GET name: listuserphones description: List user phones call: duo-security.listuserphones outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/phones name: associateuserphone operations: - method: POST name: associateuserphone description: Associate phone with user call: duo-security.associateuserphone outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/phones/{phone_id} name: disassociateuserphone operations: - method: DELETE name: disassociateuserphone description: Disassociate phone from user call: duo-security.disassociateuserphone outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/tokens name: listusertokens operations: - method: GET name: listusertokens description: List user hardware tokens call: duo-security.listusertokens outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/tokens name: associateusertoken operations: - method: POST name: associateusertoken description: Associate hardware token with user call: duo-security.associateusertoken outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/tokens/{token_id} name: disassociateusertoken operations: - method: DELETE name: disassociateusertoken description: Disassociate hardware token from user call: duo-security.disassociateusertoken outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/webauthncredentials name: listuserwebauthncredentials operations: - method: GET name: listuserwebauthncredentials description: List WebAuthn credentials for user call: duo-security.listuserwebauthncredentials outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/desktopauthenticators name: listuserdesktopauthenticators operations: - method: GET name: listuserdesktopauthenticators description: List desktop authenticators for user call: duo-security.listuserdesktopauthenticators outputParameters: - type: object mapping: $. - path: /admin/v1/users/directorysync name: listuserdirectorysyncs operations: - method: GET name: listuserdirectorysyncs description: List user directory syncs call: duo-security.listuserdirectorysyncs outputParameters: - type: object mapping: $. - path: /admin/v1/users/directorysync/{directory_key}/syncuser name: syncdirectoryuser operations: - method: POST name: syncdirectoryuser description: Sync directory user call: duo-security.syncdirectoryuser outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/send_verification_push name: sendverificationpush operations: - method: POST name: sendverificationpush description: Send verification Duo Push call: duo-security.sendverificationpush outputParameters: - type: object mapping: $. - path: /admin/v1/users/{user_id}/verification_push_response name: getverificationpushresponse operations: - method: GET name: getverificationpushresponse description: Retrieve verification push result call: duo-security.getverificationpushresponse outputParameters: - type: object mapping: $. - path: /admin/v1/groups name: listgroups operations: - method: GET name: listgroups description: List groups call: duo-security.listgroups outputParameters: - type: object mapping: $. - path: /admin/v1/groups name: creategroup operations: - method: POST name: creategroup description: Create group call: duo-security.creategroup outputParameters: - type: object mapping: $. - path: /admin/v1/groups/{group_id} name: updategroup operations: - method: POST name: updategroup description: Update group call: duo-security.updategroup outputParameters: - type: object mapping: $. - path: /admin/v2/groups/{group_id} name: getgroupv2 operations: - method: GET name: getgroupv2 description: Get group (v2) call: duo-security.getgroupv2 outputParameters: - type: object mapping: $. - path: /admin/v2/groups/{group_id}/users name: listgroupusersv2 operations: - method: GET name: listgroupusersv2 description: List group users (v2) call: duo-security.listgroupusersv2 outputParameters: - type: object mapping: $. - path: /admin/v1/bulk name: bulkoperations operations: - method: POST name: bulkoperations description: Bulk operations call: duo-security.bulkoperations outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: duo-security-mcp transport: http description: MCP adapter for Duo Admin API for AI agent use. tools: - name: listusers description: List users hints: readOnly: true destructive: false idempotent: true call: duo-security.listusers with: username: tools.username limit: tools.limit offset: tools.offset inputParameters: - name: username type: string description: username - name: limit type: integer description: limit - name: offset type: integer description: offset outputParameters: - type: object mapping: $. - name: createuser description: Create user hints: readOnly: false destructive: false idempotent: false call: duo-security.createuser outputParameters: - type: object mapping: $. - name: bulkcreateusers description: Bulk create users hints: readOnly: false destructive: false idempotent: false call: duo-security.bulkcreateusers outputParameters: - type: object mapping: $. - name: bulkrestoreusers description: Bulk restore users hints: readOnly: false destructive: false idempotent: false call: duo-security.bulkrestoreusers outputParameters: - type: object mapping: $. - name: bulksenduserstotrash description: Bulk send users to Trash hints: readOnly: false destructive: false idempotent: false call: duo-security.bulksenduserstotrash outputParameters: - type: object mapping: $. - name: getuser description: Get user hints: readOnly: true destructive: false idempotent: true call: duo-security.getuser outputParameters: - type: object mapping: $. - name: updateuser description: Update user hints: readOnly: false destructive: false idempotent: false call: duo-security.updateuser outputParameters: - type: object mapping: $. - name: deleteuser description: Delete user hints: readOnly: false destructive: true idempotent: true call: duo-security.deleteuser outputParameters: - type: object mapping: $. - name: enrolluser description: Enroll user hints: readOnly: false destructive: false idempotent: false call: duo-security.enrolluser outputParameters: - type: object mapping: $. - name: listuserbypasscodes description: List user bypass codes hints: readOnly: true destructive: false idempotent: true call: duo-security.listuserbypasscodes outputParameters: - type: object mapping: $. - name: createuserbypasscodes description: Generate bypass codes hints: readOnly: false destructive: false idempotent: false call: duo-security.createuserbypasscodes outputParameters: - type: object mapping: $. - name: listusergroups description: List user groups hints: readOnly: true destructive: false idempotent: true call: duo-security.listusergroups outputParameters: - type: object mapping: $. - name: associateusergroup description: Associate group with user hints: readOnly: false destructive: false idempotent: false call: duo-security.associateusergroup outputParameters: - type: object mapping: $. - name: disassociateusergroup description: Disassociate group from user hints: readOnly: false destructive: true idempotent: true call: duo-security.disassociateusergroup outputParameters: - type: object mapping: $. - name: listuserphones description: List user phones hints: readOnly: true destructive: false idempotent: true call: duo-security.listuserphones outputParameters: - type: object mapping: $. - name: associateuserphone description: Associate phone with user hints: readOnly: false destructive: false idempotent: false call: duo-security.associateuserphone outputParameters: - type: object mapping: $. - name: disassociateuserphone description: Disassociate phone from user hints: readOnly: false destructive: true idempotent: true call: duo-security.disassociateuserphone outputParameters: - type: object mapping: $. - name: listusertokens description: List user hardware tokens hints: readOnly: true destructive: false idempotent: true call: duo-security.listusertokens outputParameters: - type: object mapping: $. - name: associateusertoken description: Associate hardware token with user hints: readOnly: false destructive: false idempotent: false call: duo-security.associateusertoken outputParameters: - type: object mapping: $. - name: disassociateusertoken description: Disassociate hardware token from user hints: readOnly: false destructive: true idempotent: true call: duo-security.disassociateusertoken outputParameters: - type: object mapping: $. - name: listuserwebauthncredentials description: List WebAuthn credentials for user hints: readOnly: true destructive: false idempotent: true call: duo-security.listuserwebauthncredentials outputParameters: - type: object mapping: $. - name: listuserdesktopauthenticators description: List desktop authenticators for user hints: readOnly: true destructive: false idempotent: true call: duo-security.listuserdesktopauthenticators outputParameters: - type: object mapping: $. - name: listuserdirectorysyncs description: List user directory syncs hints: readOnly: true destructive: false idempotent: true call: duo-security.listuserdirectorysyncs outputParameters: - type: object mapping: $. - name: syncdirectoryuser description: Sync directory user hints: readOnly: false destructive: false idempotent: false call: duo-security.syncdirectoryuser outputParameters: - type: object mapping: $. - name: sendverificationpush description: Send verification Duo Push hints: readOnly: false destructive: false idempotent: false call: duo-security.sendverificationpush outputParameters: - type: object mapping: $. - name: getverificationpushresponse description: Retrieve verification push result hints: readOnly: true destructive: false idempotent: true call: duo-security.getverificationpushresponse outputParameters: - type: object mapping: $. - name: listgroups description: List groups hints: readOnly: true destructive: false idempotent: true call: duo-security.listgroups outputParameters: - type: object mapping: $. - name: creategroup description: Create group hints: readOnly: false destructive: false idempotent: false call: duo-security.creategroup outputParameters: - type: object mapping: $. - name: updategroup description: Update group hints: readOnly: false destructive: false idempotent: false call: duo-security.updategroup outputParameters: - type: object mapping: $. - name: getgroupv2 description: Get group (v2) hints: readOnly: true destructive: false idempotent: true call: duo-security.getgroupv2 outputParameters: - type: object mapping: $. - name: listgroupusersv2 description: List group users (v2) hints: readOnly: true destructive: false idempotent: true call: duo-security.listgroupusersv2 outputParameters: - type: object mapping: $. - name: bulkoperations description: Bulk operations hints: readOnly: false destructive: false idempotent: false call: duo-security.bulkoperations outputParameters: - type: object mapping: $. binds: - namespace: env keys: DUO_SECURITY_USERNAME: DUO_SECURITY_USERNAME DUO_SECURITY_PASSWORD: DUO_SECURITY_PASSWORD