Duo Security MCP. Automate user provisioning and 2FA checks from your agent.
Duo Security (Two-Factor Authentication API) MCP Server lets your AI agent manage all user identities and multi-factor authentication actions. You can create, update, and delete users, trigger Duo Push or SMS authentication requests, and check account billing details—all without logging into the Duo Admin Panel.
It gives your AI client full control over the user lifecycle and security auditing.
What your AI agents can do
The agent can list, create, modify, and restore user records, including handling bulk operations and soft deletion.
You can initiate a 2FA challenge (Push, SMS, Phone, or Passcode) and poll for the final authentication status.
The agent checks if a user is authorized to log in and identifies which authentication factors are available for them.
You can retrieve the billing edition and check the available telephony credits for specific child accounts.
The server performs liveness checks on the Auth API and verifies integration keys to confirm the connection is active.
Duo Security (Two-Factor Authentication API) MCP Server: 18 Tools
These 18 tools let your AI client manage every aspect of Duo Security: from creating new users to triggering complex multi-factor authentication challenges.
auth
Sends a second-factor authentication challenge to a specified user.
auth_status
Checks the progress of an authentication request that was initiated earlier.
bulk_create_users
Creates up to 100 new user accounts in a single API call.
check_auth
Verifies the integration keys and confirms the signature generation capability.
create_account
Creates a new child account under a parent Duo organization.
create_user
Creates a new user account within Duo's system.
delete_account
Deletes a child account structure.
get_billing_edition
Retrieves the current billing edition assigned to a specific account.
get_telephony_credits
Gets the remaining telephony credits for a specified account.
list_accounts
Retrieves a paged list of child accounts for Duo MSP partners.
list_users
Gets a paginated list of users, with optional filtering by username, email, or ID list.
modify_user
Changes specific details or attributes of an existing Duo user.
ping_auth
Performs a simple liveness check on the Duo Authentication API endpoint.
preauth
Checks if a user can log in and lists all available authentication factors for them.
restore_users
Brings users back from the trash bin into active accounts.
set_billing_edition
Updates the billing edition for a specific account.
set_telephony_credits
Adjusts the telephony credit count for an account.
trash_users
Moves users to the trash, marking them for pending deletion over seven days.
What you can do with this MCP connector
The Duo Security API MCP Server lets your AI agent handle everything related to user identities and multi-factor authentication. You can create, update, and wipe out users, trigger Duo Push or SMS codes, and check account billing, all without ever logging into the Duo Admin Panel.
It gives your agent full control over the user lifecycle and security auditing.
Managing User Accounts
Your agent can list, create, modify, and restore user records. You can make a bunch of new users at once using bulk_create_users for up to 100 accounts, or you can build out a new user with create_user and then update them later with modify_user. Need to wipe someone out? You can trash users with trash_users or bring them back using restore_users.
The agent also lets you list all users with list_users, filtering by username, email, or a list of IDs. You can delete an entire child account structure using delete_account or create one with create_account.
Triggering Multi-Factor Authentication
When you need to challenge a user, the agent uses auth to send a second-factor authentication challenge to a specific user. You can then check how things are going with auth_status to track the progress of that request. Before sending a challenge, you can check if a user can even log in and see all the authentication factors available for them using preauth.
Handling Account Billing and Auditing
Your agent manages billing details and account structure. You can get the current billing edition for an account using get_billing_edition and update it with set_billing_edition. You can also check the remaining phone credits with get_telephony_credits and adjust them using set_telephony_credits. If you're managing a Duo MSP partner, the agent retrieves a list of child accounts using list_accounts and can even get a list of users with list_users.
Verifying API Connections
It's always good to check if the connection's live. The server performs a simple check on the Duo Authentication API endpoint with ping_auth and verifies your integration keys to confirm signature generation capability using check_auth.
How Duo Security MCP Works
1. Subscribe to the server and pass your Duo API Hostname, Integration Key, and Secret Key.
2. Your AI client calls the tool, specifying the action (e.g., `list_users`, `auth`).
3. The server executes the API call, returns the status, and presents the data directly to your client.
The bottom line is you get direct, programmatic access to Duo's core identity and billing functions.
Who Is Duo Security MCP For?
Security Operations teams who need to audit user accounts quickly. IT Admins who hate clicking through the Duo web panel. DevOps Engineers integrating identity checks into CI/CD. This is for anyone who needs to automate the manual, high-stakes process of user lifecycle management and 2FA verification.
Uses the server to check transaction statuses or audit user lists during an incident response, instead of manually checking dashboards.
Runs bulk user creations or updates user statuses across hundreds of accounts without navigating the Duo web UI.
Integrates identity checks or account provisioning steps into automated CI/CD pipelines or custom scripts.
What Changes When You Connect
- Automate user provisioning. Instead of manually clicking through the web panel to create a new user, the `create_user` tool handles the entire process, giving you immediate user accounts.
- Streamline security audits. Use `list_users` to pull a filtered, paginated list of all users by email or username; no more exporting CSVs and opening spreadsheets.
- Manage account state changes. If a user needs to be removed or paused, the `trash_users` tool sends them to pending deletion, and `restore_users` brings them back without manual intervention.
- Quickly verify access. Running `preauth` determines if a user is authorized to log in and lists all available factors (Push, SMS, etc.) before you even attempt an authentication challenge.
- Keep billing accurate. Use `get_billing_edition` and `get_telephony_credits` to check account limits and editions directly in the chat, avoiding logins just for financial checks.
- Batch operations. The `bulk_create_users` tool handles creating up to 100 users in one request, saving time when onboarding large groups of employees.
Real-World Use Cases
Onboarding a new department of 50 users
A manager needs to onboard 50 new employees. Instead of logging into Duo and clicking 'Add User' fifty times, the agent executes bulk_create_users. The agent handles the large batch, and the manager then uses create_user for any remaining exceptions, getting all accounts active in minutes.
Responding to a suspicious login attempt
A security analyst detects suspicious activity. They ask the agent to preauth the user. The agent confirms the user is authorized and lists available factors (e.g., Duo Push, SMS Passcode), allowing the analyst to instantly trigger the required auth challenge.
Cleaning up stale or suspended accounts
The IT team finds users who haven't logged in for six months. They ask the agent to list_users to filter by last login date. Then, they run trash_users on the identified list, removing them from active service while preserving the data for seven days.
Troubleshooting a complex billing issue
A finance officer questions why the system ran out of SMS capabilities. They ask the agent to get_telephony_credits for the relevant account. The agent returns the exact credit count, allowing the officer to immediately flag the billing issue without needing to access the billing dashboard.
The Tradeoffs
Manual account listing
The ops engineer logs into the Duo web panel, clicks 'Users', filters by department, then scrolls through dozens of pages to find the status of a specific user, wasting 15 minutes.
→
Just ask the agent to run list_users. You can specify filtering criteria (by email or username) and get the full, paged list of results instantly.
Sequential user creation
Creating 20 users one by one using the web UI is slow, and if one fails, you lose context and have to restart the process.
→
Use bulk_create_users. It handles up to 100 users in one go. If you need to create a single user, use create_user.
Ignoring user state
Assuming a user is still active and running an authentication challenge when they might have been manually suspended or deleted in the meantime.
→
Always check the user's status first. Use preauth to determine if the user is authorized to log in and what factors they can use before attempting an auth call.
When It Fits, When It Doesn't
Use this server if your process requires programmatic control over the user lifecycle or requires real-time authentication checks. Specifically, if you need to check account billing status (get_billing_edition) or manage user groups at scale, this is the right tool. Don't use it if you only need to view historical reports that are already exported to a spreadsheet—those reports are better handled by dedicated reporting tools. If your goal is simply to send a message or read unstructured text, this server won't help. You're dealing with structured identity and billing data here.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Duo Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
- Cloud Hosted: Managed infra
- V8 Isolated: Sandboxed per request
- Zero-Trust Proxy: No stored credentials
- DLP Enforced: Policy on every call
- GDPR Compliant: EU data residency
- Token Compression: ~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 18 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Dealing with user accounts means clicking through dashboards and repeating steps.
Today, managing users means jumping between the Duo Admin Panel and internal ticketing systems. You have to manually check user status, find the right account ID, copy the credentials, and then switch tabs to check billing. It's a copy-paste hell that takes forever.
With this MCP server, you talk to your agent. You say, 'List all inactive users in the Finance department.' The agent runs `list_users`, filters the results, and gives you a clean, actionable list—no manual clicks, no dashboard hopping. You get the data you need, instantly.
Duo Security (Two-Factor Authentication API) MCP Server: Triggering 2FA
Manually triggering a Duo Push or SMS code requires navigating to the user's profile page, finding the 'Authenticate' button, and clicking it. If you're doing this for multiple users, you're repeating the same tedious sequence of clicks.
Now, you just ask your agent to send the request. The agent executes `auth` and returns a transaction ID. You've cut the clicks entirely. The process is direct, immediate, and auditable.
Common Questions About Duo Security MCP
How do I check user status using the Duo Security (Two-Factor Authentication API) MCP Server?
Use the preauth tool. This check determines if the user is authorized to log in and lists all available authentication factors (Push, SMS, Phone) without actually initiating a login attempt.
Can I create a lot of users at once with the Duo Security (Two-Factor Authentication API) MCP Server?
Yes, you can use bulk_create_users. This tool is designed to handle up to 100 users in a single request, making large-scale onboarding much faster than manual entry.
What should I do if a user account needs to be removed permanently?
First, run trash_users to send the user to the trash bin. This marks them for pending deletion over seven days. If you need to bring them back, you use restore_users.
Is the Duo Security (Two-Factor Authentication API) MCP Server good for billing checks?
Absolutely. Use get_telephony_credits and get_billing_edition. You get the exact credit count and edition status for any account without ever touching the billing dashboard.
Is the Duo Security (Two-Factor Authentication API) MCP Server reliable for quick checks?
The ping_auth tool performs a liveness check on the Auth API. This ensures the connection is active before you try to run any critical user or authentication commands.
How do I check the status of a Duo Push authentication using the Duo Security (Two-Factor Authentication API) MCP Server?
You use the auth_status tool. This tool polls for the result of an asynchronous request, giving you the final status of the authentication attempt. This is crucial for monitoring background verification steps.
What should I do if I need to update a user's details using the Duo Security (Two-Factor Authentication API) MCP Server?
Use the modify_user tool. This function lets you change specific user details without manually navigating the Duo Admin Panel. You just pass the required changes to your agent.
How do I test the connection and keys for the Duo Security (Two-Factor Authentication API) MCP Server?
Run the check_auth tool. This verifies your integration keys and confirms signature generation capability. It's a quick way to ensure your setup is working before running live tasks.
Can I trigger a Duo Push notification for a specific user?
Yes. Use the auth tool and set the factor to 'push'. You can provide either the username or user_id to target the correct person.
How do I check which authentication factors are available for a user?
Run the preauth tool with the user's details. It will return whether the user is authorized and a list of supported factors like push, phone, or SMS.
Is it possible to change a user's status to 'bypass' or 'disabled'?
Yes, the modify_user tool allows you to update the status field to 'active', 'bypass', or 'disabled' using the user's unique ID.