Duo Security MCP for AI. Manage Identities and MFA via Conversation
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Connect to your AI in seconds.
Duo Security (Two-Factor Authentication API) gives your AI agent full control over identity management and MFA workflows. You can manage user accounts, trigger Duo Push or SMS authentication requests, check account billing details, and run pre-auth checks—all without logging into the admin panel.
It lets security teams handle complex provisioning tasks instantly.
What your AI can do
Auth status
Checks the current status of an asynchronous authentication request you previously initiated.
Auth
Triggers a second-factor authentication request for a user via configured methods.
Bulk create users
Creates up to 100 new user accounts in a single API call, speeding up provisioning.
Create new user records, change existing details, or delete users for lifecycle management.
Initiate Duo Push, SMS, Phone, or Passcode requests directly through your agent when a user needs to log in.
Check if a user is authorized for login and determine which MFA factors they can actually use.
Retrieve paginated lists of all users or child accounts associated with the organization.
Check current billing editions or available telephony credits for specific accounts.
Ask an AI about this
Waiting for input…
Duo Security (Two-Factor Authentication API) MCP: 18 Tools
These tools allow you to programmatically manage every aspect of user accounts, from creating users and modifying profiles to triggering live authentication requests.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Duo Security (Two-Factor Authentication API) on VinkiusAuth Status
Checks the current status of an asynchronous authentication request you previously initiated.
Auth
Triggers a second-factor authentication request for a user via configured methods.
Bulk Create Users
Creates up to 100 new user accounts in a single API call, speeding up provisioning.
Check Auth
Verifies your integration keys and checks the signature generation capability for...
Create Account
Creates a new child account under an existing Duo partnership structure.
Create User
Registers a single, brand-new user into the Duo system.
Delete Account
Removes a child account from the partnership structure.
Get Billing Edition
Retrieves specific billing information for an account to help with licensing checks.
Get Telephony Credits
Checks how many available phone call credits are remaining for a given account.
List Accounts
Gets a list of all child accounts linked to an MSP partner.
List Users
Retrieves a paged list of users, allowing filtering by email or username.
Modify User
Updates existing details for an account or user profile.
Ping Auth
Performs a simple health check to confirm the Duo authentication API is active and responding.
Preauth
Determines if a user can log in, identifying all available MFA factors before...
Restore Users
Reverts users that were previously sent to the trash/pending deletion state.
Set Billing Edition
Manually assigns or changes the billing edition for a specific account.
Set Telephony Credits
Adjusts the number of available phone call credits on an account for testing or...
Trash Users
Sends a user to a pending deletion status, keeping them recoverable for seven days.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The Duo Security integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Duo Security (Two-Factor Authentication API), then connect any of our 5,100+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,100+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Duo Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This connection provides 18 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.
Dealing with user accounts means clicking through a dozen dashboards.
Right now, if an admin needs to update a user’s status or check billing limits, they open the Duo console. They navigate to 'Users,' filter by department, then click into each profile individually. If that's not enough, they switch tabs to the Billing section, copy the account ID, and paste it into another tool just to verify credits.
With this MCP connected via Vinkius, you simply tell your agent, 'Check user jdoe's status and confirm their billing edition.' The agent executes all necessary checks—user listing, pre-auth validation, and billing reads—and gives you one clean answer. It’s a single conversation that replaces hours of clicking.
The Duo Security MCP provides immediate authentication control.
Before this, triggering an MFA challenge required multiple steps: verifying the user existed first, then checking which factors were active. If you guessed wrong—say, trying to send a Push when they only had SMS enabled—the process failed and took time to debug.
Now, your agent handles it. You ask for pre-authentication status using `preauth`. The system checks the user's authorization level AND reports every available factor (Push, Phone Call, SMS). This prevents guesswork and makes your workflow reliable.
What your AI can actually do with this
Managing a large organization's digital identities means constant manual work: creating new users, resetting MFA credentials, checking if an account needs updating, or running through billing audits. This MCP connects your AI agent directly to Duo Security’s core APIs. Instead of navigating multiple dashboards and copy-pasting data, you just tell your agent what you need done—for example, 'Check user LKing's access factors.' It performs the checks and returns actionable status updates instantly.
Whether you use a client like Claude or Cursor, Vinkius makes this entire suite available through one connection point. This capability means IT admins can handle complex account provisioning and security validation tasks in natural conversation.
019e5d14-8776-7079-930d-cf59b769f6e7 
Here's how it actually works
The bottom line is that your AI client performs complex security actions using pre-configured keys, so you just talk to it instead of clicking through interfaces.
First, subscribe to this MCP and provide your Duo API Hostname, Integration Key, and Secret Key.
Next, prompt your AI client with the desired action—for example, 'Send a Duo Push authentication request for username mrossi.'
Your agent executes the necessary tool calls, retrieves the status (like a transaction ID), and reports back to you.
Who is this actually for?
This is for the IT Administrator who spends hours manually checking user statuses across dashboards. It's also for Security Operations personnel who need instant 2FA verification during an active incident, and DevOps Engineers building automated provisioning pipelines.
Automates the initial steps of an investigation by checking authentication transaction statuses or triggering a Duo Push request for compromised accounts.
Manages user lifecycles—creating new users, updating status flags, or performing bulk creations—without ever opening the web admin panel.
Integrates identity checks and account provisioning into automated CI/CD workflows using API calls instead of manual scripting.
What Changes When You Connect
Streamlines user provisioning: Instead of running bulk scripts, use the bulk_create_users tool to add up to 100 users in one request.
Reduces investigation time: Use preauth to check if a user is authorized and what factors they can use before sending an MFA challenge. This prevents failed logins.
Simplifies account cleanup: If you need to remove old accounts, trigger the trash_users tool first, keeping them in a recoverable state for seven days.
Automates security checks: For troubleshooting, run the auth tool or ping_auth to verify MFA credentials and ensure the API connection is live.
Handles billing tasks instantly: Use tools like get_billing_edition or set_telephony_credits to audit account finances without logging into the finance portal.
See it in action
Onboarding a new team of 50 staff
The IT Admin needs to create fifty user accounts immediately. Instead of running half-dozen manual API calls, they prompt their agent: 'Use the bulk_create_users tool for these names.' The agent handles the entire batch upload in one go.
Investigating a suspicious login attempt
The SecOps Analyst needs to know if user jdoe was authorized. They prompt their agent: 'Check ldoe's pre-auth status.' The agent uses preauth and reports back all available factors, allowing the analyst to decide whether to trigger an MFA challenge using auth.
Cleaning up decommissioned accounts
The DevOps Engineer must remove a user account but can't delete them yet. They prompt: 'Move username jsmith to trash.' The agent uses the trash_users tool, marking it for deletion while keeping the data available for recovery.
The honest tradeoffs
Using only simple list calls
A developer just runs 'list all users' repeatedly because they can't find a specific status flag. This floods logs and gives them incomplete data.
Don't rely on basic listing. Use the list_users tool, specifying filters by email or username to narrow down the result set immediately.
Manually resetting users
A user has a billing issue and the admin manually resets their MFA credentials via an old console link. This doesn't track audit history.
For official account changes, use modify_user or set_billing_edition. These tools ensure the change is logged correctly within Duo’s system.
Assuming functionality
The developer runs 'list accounts' but doesn't know if credits are depleted, so they proceed with a login attempt and fail.
Always run get_telephony_credits first. This confirms available resources before triggering any authentication flow or attempting to provision services.
When It Fits, When It Doesn't
Use this MCP if your primary goal is automating complex, multi-step identity lifecycle processes—things like 'User creation -> Billing check -> Auth factor confirmation.' Don't use it if you just need simple data retrieval; for basic user listing without filtering, a general directory API might suffice. However, if the task involves authentication, provisioning, or billing management, this is essential because tools like preauth and get_telephony_credits provide specific context that generic APIs lack. If your only need is to view data, use list_users. If you need to act on the data (create, modify, trigger), this MCP is required.
Questions you might have
How do I use the Duo Security MCP to create users? +
You can create a single user using create_user or provision many at once with bulk_create_users. Just tell your agent which tool to run and what details to include.
What is the difference between `list_users` and `list_accounts`? +
list_users retrieves people accounts (the end-user profiles). list_accounts lists child accounts, which are usually used for partnership or billing structures.
If I delete a user, can I get them back using the Duo Security MCP? +
Yes. The agent uses the trash_users tool to send users to pending deletion, and later you can use restore_users to bring them back online.
Can I check if a user is allowed to log in with preauth? +
Absolutely. Use the preauth tool. It determines authorization status and lists every available factor, so you know exactly what challenge to send next.
After triggering a Duo authentication request, how do I confirm success using `auth_status`? +
You use auth_status to poll for the result of an asynchronous authentication process. This is key because sometimes Duo Push or SMS requests take time; this tool confirms if the transaction succeeded or failed.
What are the limits when I need to create many users at once using `bulk_create_users`? +
The tool allows you to create up to 100 new users in a single request. This is much faster than calling the individual user creation tool repeatedly, streamlining large-scale onboarding.
How do I check Duo's available phone call capacity using `get_telephony_credits`? +
Running get_telephony_credits fetches the current credit balance for your account. This helps prevent service outages by letting you monitor resources before an automated workflow runs out of funds.
Before I automate anything, how do I verify my Duo integration keys using the `check_auth` tool? +
Call check_auth to validate your API credentials and confirm signature generation. Running this first ensures your setup is correct before you attempt critical user management or authentication tasks.
Can I trigger a Duo Push notification for a specific user? +
Yes. Use the auth tool and set the factor to 'push'. You can provide either the username or user_id to target the correct person.
How do I check which authentication factors are available for a user? +
Run the preauth tool with the user's details. It will return whether the user is authorized and a list of supported factors like push, phone, or SMS.
Is it possible to change a user's status to 'bypass' or 'disabled'? +
Yes, the modify_user tool allows you to update the status field to 'active', 'bypass', or 'disabled' using the user's unique ID.
We've already built the connector for Duo Security. Just plug in your AI agents and start using Vinkius.
No hosting. No infrastructure. No complex setup.
All 18 tools are live and waiting.
You're up and running in seconds.
Gemini Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.
Built, hosted, and secured by Vinkius. You just connect and go.