Duo Security · Capability

Duo Admin API

The Duo Admin API provides programmatic access to the administrative functionality of Duo Security for managing users, groups, phones, hardware tokens, WebAuthn credentials, integrations, and bypass codes. Requests are authenticated using HMAC-SHA1 signed HTTP Basic credentials derived from your integration key and secret key.

Run with Naftiko DuoSecurityAPI

What You Can Do

GET

Listusers — List users

/admin/v1/users

POST

Createuser — Create user

/admin/v1/users

POST

Bulkcreateusers — Bulk create users

/admin/v1/users/bulk_create

POST

Bulkrestoreusers — Bulk restore users

/admin/v1/users/bulk_restore

POST

Bulksenduserstotrash — Bulk send users to Trash

/admin/v1/users/bulk_send_to_trash

GET

Getuser — Get user

/admin/v1/users/{user_id}

POST

Updateuser — Update user

/admin/v1/users/{user_id}

DELETE

Deleteuser — Delete user

/admin/v1/users/{user_id}

POST

Enrolluser — Enroll user

/admin/v1/users/enroll

GET

Listuserbypasscodes — List user bypass codes

/admin/v1/users/{user_id}/bypass_codes

POST

Createuserbypasscodes — Generate bypass codes

/admin/v1/users/{user_id}/bypass_codes

GET

Listusergroups — List user groups

/admin/v1/users/{user_id}/groups

POST

Associateusergroup — Associate group with user

/admin/v1/users/{user_id}/groups

DELETE

Disassociateusergroup — Disassociate group from user

/admin/v1/users/{user_id}/groups/{group_id}

GET

Listuserphones — List user phones

/admin/v1/users/{user_id}/phones

POST

Associateuserphone — Associate phone with user

/admin/v1/users/{user_id}/phones

DELETE

Disassociateuserphone — Disassociate phone from user

/admin/v1/users/{user_id}/phones/{phone_id}

GET

Listusertokens — List user hardware tokens

/admin/v1/users/{user_id}/tokens

POST

Associateusertoken — Associate hardware token with user

/admin/v1/users/{user_id}/tokens

DELETE

Disassociateusertoken — Disassociate hardware token from user

/admin/v1/users/{user_id}/tokens/{token_id}

GET

Listuserwebauthncredentials — List WebAuthn credentials for user

/admin/v1/users/{user_id}/webauthncredentials

GET

Listuserdesktopauthenticators — List desktop authenticators for user

/admin/v1/users/{user_id}/desktopauthenticators

GET

Listuserdirectorysyncs — List user directory syncs

/admin/v1/users/directorysync

POST

Syncdirectoryuser — Sync directory user

/admin/v1/users/directorysync/{directory_key}/syncuser

POST

Sendverificationpush — Send verification Duo Push

/admin/v1/users/{user_id}/send_verification_push

GET

Getverificationpushresponse — Retrieve verification push result

/admin/v1/users/{user_id}/verification_push_response

GET

Listgroups — List groups

/admin/v1/groups

POST

Creategroup — Create group

/admin/v1/groups

POST

Updategroup — Update group

/admin/v1/groups/{group_id}

GET

Getgroupv2 — Get group (v2)

/admin/v2/groups/{group_id}

GET

Listgroupusersv2 — List group users (v2)

/admin/v2/groups/{group_id}/users

POST

Bulkoperations — Bulk operations

/admin/v1/bulk

MCP Tools

listusers

List users

read-only idempotent

createuser

Create user

bulkcreateusers

Bulk create users

bulkrestoreusers

Bulk restore users

bulksenduserstotrash

Bulk send users to Trash

getuser

Get user

read-only idempotent

updateuser

Update user

deleteuser

Delete user

idempotent

enrolluser

Enroll user

listuserbypasscodes

List user bypass codes

read-only idempotent

createuserbypasscodes

Generate bypass codes

listusergroups

List user groups

read-only idempotent

associateusergroup

Associate group with user

disassociateusergroup

Disassociate group from user

idempotent

listuserphones

List user phones

read-only idempotent

associateuserphone

Associate phone with user

disassociateuserphone

Disassociate phone from user

idempotent

listusertokens

List user hardware tokens

read-only idempotent

associateusertoken

Associate hardware token with user

disassociateusertoken

Disassociate hardware token from user

idempotent

listuserwebauthncredentials

List WebAuthn credentials for user

read-only idempotent

listuserdesktopauthenticators

List desktop authenticators for user

read-only idempotent

listuserdirectorysyncs

List user directory syncs

read-only idempotent

syncdirectoryuser

Sync directory user

sendverificationpush

Send verification Duo Push

getverificationpushresponse

Retrieve verification push result

read-only idempotent

listgroups

List groups

read-only idempotent

creategroup

Create group

updategroup

Update group

getgroupv2

Get group (v2)

read-only idempotent

listgroupusersv2

List group users (v2)

read-only idempotent

bulkoperations

Bulk operations

Capability Spec

naftiko: 1.0.0-alpha2
info:
  label: Duo Admin API
  description: The Duo Admin API provides programmatic access to the administrative functionality of Duo Security for managing
    users, groups, phones, hardware tokens, WebAuthn credentials, integrations, and bypass codes. Requests are authenticated
    using HMAC-SHA1 signed HTTP Basic credentials derived from your integration key and secret key.
  tags:
  - Duo
  - Security
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: duo-security
    baseUri: https://api-XXXXXXXX.duosecurity.com
    description: Duo Admin API HTTP API.
    authentication:
      type: basic
      username: '{{DUO_SECURITY_USERNAME}}'
      password: '{{DUO_SECURITY_PASSWORD}}'
    resources:
    - name: admin-v1-users
      path: /admin/v1/users
      operations:
      - name: listusers
        method: GET
        description: List users
        inputParameters:
        - name: username
          in: query
          type: string
        - name: limit
          in: query
          type: integer
        - name: offset
          in: query
          type: integer
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createuser
        method: POST
        description: Create user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-bulk-create
      path: /admin/v1/users/bulk_create
      operations:
      - name: bulkcreateusers
        method: POST
        description: Bulk create users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-bulk-restore
      path: /admin/v1/users/bulk_restore
      operations:
      - name: bulkrestoreusers
        method: POST
        description: Bulk restore users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-bulk-send-to-trash
      path: /admin/v1/users/bulk_send_to_trash
      operations:
      - name: bulksenduserstotrash
        method: POST
        description: Bulk send users to Trash
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id
      path: /admin/v1/users/{user_id}
      operations:
      - name: getuser
        method: GET
        description: Get user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateuser
        method: POST
        description: Update user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteuser
        method: DELETE
        description: Delete user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-enroll
      path: /admin/v1/users/enroll
      operations:
      - name: enrolluser
        method: POST
        description: Enroll user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-bypass-codes
      path: /admin/v1/users/{user_id}/bypass_codes
      operations:
      - name: listuserbypasscodes
        method: GET
        description: List user bypass codes
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createuserbypasscodes
        method: POST
        description: Generate bypass codes
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-groups
      path: /admin/v1/users/{user_id}/groups
      operations:
      - name: listusergroups
        method: GET
        description: List user groups
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: associateusergroup
        method: POST
        description: Associate group with user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-groups-group-id
      path: /admin/v1/users/{user_id}/groups/{group_id}
      operations:
      - name: disassociateusergroup
        method: DELETE
        description: Disassociate group from user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-phones
      path: /admin/v1/users/{user_id}/phones
      operations:
      - name: listuserphones
        method: GET
        description: List user phones
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: associateuserphone
        method: POST
        description: Associate phone with user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-phones-phone-id
      path: /admin/v1/users/{user_id}/phones/{phone_id}
      operations:
      - name: disassociateuserphone
        method: DELETE
        description: Disassociate phone from user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-tokens
      path: /admin/v1/users/{user_id}/tokens
      operations:
      - name: listusertokens
        method: GET
        description: List user hardware tokens
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: associateusertoken
        method: POST
        description: Associate hardware token with user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-tokens-token-id
      path: /admin/v1/users/{user_id}/tokens/{token_id}
      operations:
      - name: disassociateusertoken
        method: DELETE
        description: Disassociate hardware token from user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-webauthncredentials
      path: /admin/v1/users/{user_id}/webauthncredentials
      operations:
      - name: listuserwebauthncredentials
        method: GET
        description: List WebAuthn credentials for user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-desktopauthenticators
      path: /admin/v1/users/{user_id}/desktopauthenticators
      operations:
      - name: listuserdesktopauthenticators
        method: GET
        description: List desktop authenticators for user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-directorysync
      path: /admin/v1/users/directorysync
      operations:
      - name: listuserdirectorysyncs
        method: GET
        description: List user directory syncs
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-directorysync-directory-key-syncu
      path: /admin/v1/users/directorysync/{directory_key}/syncuser
      operations:
      - name: syncdirectoryuser
        method: POST
        description: Sync directory user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-send-verification-push
      path: /admin/v1/users/{user_id}/send_verification_push
      operations:
      - name: sendverificationpush
        method: POST
        description: Send verification Duo Push
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-users-user-id-verification-push-respons
      path: /admin/v1/users/{user_id}/verification_push_response
      operations:
      - name: getverificationpushresponse
        method: GET
        description: Retrieve verification push result
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-groups
      path: /admin/v1/groups
      operations:
      - name: listgroups
        method: GET
        description: List groups
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: creategroup
        method: POST
        description: Create group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-groups-group-id
      path: /admin/v1/groups/{group_id}
      operations:
      - name: updategroup
        method: POST
        description: Update group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v2-groups-group-id
      path: /admin/v2/groups/{group_id}
      operations:
      - name: getgroupv2
        method: GET
        description: Get group (v2)
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v2-groups-group-id-users
      path: /admin/v2/groups/{group_id}/users
      operations:
      - name: listgroupusersv2
        method: GET
        description: List group users (v2)
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: admin-v1-bulk
      path: /admin/v1/bulk
      operations:
      - name: bulkoperations
        method: POST
        description: Bulk operations
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: duo-security-rest
    description: REST adapter for Duo Admin API.
    resources:
    - path: /admin/v1/users
      name: listusers
      operations:
      - method: GET
        name: listusers
        description: List users
        call: duo-security.listusers
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users
      name: createuser
      operations:
      - method: POST
        name: createuser
        description: Create user
        call: duo-security.createuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/bulk_create
      name: bulkcreateusers
      operations:
      - method: POST
        name: bulkcreateusers
        description: Bulk create users
        call: duo-security.bulkcreateusers
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/bulk_restore
      name: bulkrestoreusers
      operations:
      - method: POST
        name: bulkrestoreusers
        description: Bulk restore users
        call: duo-security.bulkrestoreusers
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/bulk_send_to_trash
      name: bulksenduserstotrash
      operations:
      - method: POST
        name: bulksenduserstotrash
        description: Bulk send users to Trash
        call: duo-security.bulksenduserstotrash
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}
      name: getuser
      operations:
      - method: GET
        name: getuser
        description: Get user
        call: duo-security.getuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}
      name: updateuser
      operations:
      - method: POST
        name: updateuser
        description: Update user
        call: duo-security.updateuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}
      name: deleteuser
      operations:
      - method: DELETE
        name: deleteuser
        description: Delete user
        call: duo-security.deleteuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/enroll
      name: enrolluser
      operations:
      - method: POST
        name: enrolluser
        description: Enroll user
        call: duo-security.enrolluser
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/bypass_codes
      name: listuserbypasscodes
      operations:
      - method: GET
        name: listuserbypasscodes
        description: List user bypass codes
        call: duo-security.listuserbypasscodes
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/bypass_codes
      name: createuserbypasscodes
      operations:
      - method: POST
        name: createuserbypasscodes
        description: Generate bypass codes
        call: duo-security.createuserbypasscodes
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/groups
      name: listusergroups
      operations:
      - method: GET
        name: listusergroups
        description: List user groups
        call: duo-security.listusergroups
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/groups
      name: associateusergroup
      operations:
      - method: POST
        name: associateusergroup
        description: Associate group with user
        call: duo-security.associateusergroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/groups/{group_id}
      name: disassociateusergroup
      operations:
      - method: DELETE
        name: disassociateusergroup
        description: Disassociate group from user
        call: duo-security.disassociateusergroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/phones
      name: listuserphones
      operations:
      - method: GET
        name: listuserphones
        description: List user phones
        call: duo-security.listuserphones
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/phones
      name: associateuserphone
      operations:
      - method: POST
        name: associateuserphone
        description: Associate phone with user
        call: duo-security.associateuserphone
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/phones/{phone_id}
      name: disassociateuserphone
      operations:
      - method: DELETE
        name: disassociateuserphone
        description: Disassociate phone from user
        call: duo-security.disassociateuserphone
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/tokens
      name: listusertokens
      operations:
      - method: GET
        name: listusertokens
        description: List user hardware tokens
        call: duo-security.listusertokens
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/tokens
      name: associateusertoken
      operations:
      - method: POST
        name: associateusertoken
        description: Associate hardware token with user
        call: duo-security.associateusertoken
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/tokens/{token_id}
      name: disassociateusertoken
      operations:
      - method: DELETE
        name: disassociateusertoken
        description: Disassociate hardware token from user
        call: duo-security.disassociateusertoken
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/webauthncredentials
      name: listuserwebauthncredentials
      operations:
      - method: GET
        name: listuserwebauthncredentials
        description: List WebAuthn credentials for user
        call: duo-security.listuserwebauthncredentials
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/desktopauthenticators
      name: listuserdesktopauthenticators
      operations:
      - method: GET
        name: listuserdesktopauthenticators
        description: List desktop authenticators for user
        call: duo-security.listuserdesktopauthenticators
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/directorysync
      name: listuserdirectorysyncs
      operations:
      - method: GET
        name: listuserdirectorysyncs
        description: List user directory syncs
        call: duo-security.listuserdirectorysyncs
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/directorysync/{directory_key}/syncuser
      name: syncdirectoryuser
      operations:
      - method: POST
        name: syncdirectoryuser
        description: Sync directory user
        call: duo-security.syncdirectoryuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/send_verification_push
      name: sendverificationpush
      operations:
      - method: POST
        name: sendverificationpush
        description: Send verification Duo Push
        call: duo-security.sendverificationpush
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/users/{user_id}/verification_push_response
      name: getverificationpushresponse
      operations:
      - method: GET
        name: getverificationpushresponse
        description: Retrieve verification push result
        call: duo-security.getverificationpushresponse
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/groups
      name: listgroups
      operations:
      - method: GET
        name: listgroups
        description: List groups
        call: duo-security.listgroups
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/groups
      name: creategroup
      operations:
      - method: POST
        name: creategroup
        description: Create group
        call: duo-security.creategroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/groups/{group_id}
      name: updategroup
      operations:
      - method: POST
        name: updategroup
        description: Update group
        call: duo-security.updategroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v2/groups/{group_id}
      name: getgroupv2
      operations:
      - method: GET
        name: getgroupv2
        description: Get group (v2)
        call: duo-security.getgroupv2
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v2/groups/{group_id}/users
      name: listgroupusersv2
      operations:
      - method: GET
        name: listgroupusersv2
        description: List group users (v2)
        call: duo-security.listgroupusersv2
        outputParameters:
        - type: object
          mapping: $.
    - path: /admin/v1/bulk
      name: bulkoperations
      operations:
      - method: POST
        name: bulkoperations
        description: Bulk operations
        call: duo-security.bulkoperations
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    port: 9090
    namespace: duo-security-mcp
    transport: http
    description: MCP adapter for Duo Admin API for AI agent use.
    tools:
    - name: listusers
      description: List users
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listusers
      with:
        username: tools.username
        limit: tools.limit
        offset: tools.offset
      inputParameters:
      - name: username
        type: string
        description: username
      - name: limit
        type: integer
        description: limit
      - name: offset
        type: integer
        description: offset
      outputParameters:
      - type: object
        mapping: $.
    - name: createuser
      description: Create user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.createuser
      outputParameters:
      - type: object
        mapping: $.
    - name: bulkcreateusers
      description: Bulk create users
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.bulkcreateusers
      outputParameters:
      - type: object
        mapping: $.
    - name: bulkrestoreusers
      description: Bulk restore users
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.bulkrestoreusers
      outputParameters:
      - type: object
        mapping: $.
    - name: bulksenduserstotrash
      description: Bulk send users to Trash
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.bulksenduserstotrash
      outputParameters:
      - type: object
        mapping: $.
    - name: getuser
      description: Get user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.getuser
      outputParameters:
      - type: object
        mapping: $.
    - name: updateuser
      description: Update user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.updateuser
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteuser
      description: Delete user
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: duo-security.deleteuser
      outputParameters:
      - type: object
        mapping: $.
    - name: enrolluser
      description: Enroll user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.enrolluser
      outputParameters:
      - type: object
        mapping: $.
    - name: listuserbypasscodes
      description: List user bypass codes
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listuserbypasscodes
      outputParameters:
      - type: object
        mapping: $.
    - name: createuserbypasscodes
      description: Generate bypass codes
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.createuserbypasscodes
      outputParameters:
      - type: object
        mapping: $.
    - name: listusergroups
      description: List user groups
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listusergroups
      outputParameters:
      - type: object
        mapping: $.
    - name: associateusergroup
      description: Associate group with user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.associateusergroup
      outputParameters:
      - type: object
        mapping: $.
    - name: disassociateusergroup
      description: Disassociate group from user
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: duo-security.disassociateusergroup
      outputParameters:
      - type: object
        mapping: $.
    - name: listuserphones
      description: List user phones
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listuserphones
      outputParameters:
      - type: object
        mapping: $.
    - name: associateuserphone
      description: Associate phone with user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.associateuserphone
      outputParameters:
      - type: object
        mapping: $.
    - name: disassociateuserphone
      description: Disassociate phone from user
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: duo-security.disassociateuserphone
      outputParameters:
      - type: object
        mapping: $.
    - name: listusertokens
      description: List user hardware tokens
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listusertokens
      outputParameters:
      - type: object
        mapping: $.
    - name: associateusertoken
      description: Associate hardware token with user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.associateusertoken
      outputParameters:
      - type: object
        mapping: $.
    - name: disassociateusertoken
      description: Disassociate hardware token from user
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: duo-security.disassociateusertoken
      outputParameters:
      - type: object
        mapping: $.
    - name: listuserwebauthncredentials
      description: List WebAuthn credentials for user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listuserwebauthncredentials
      outputParameters:
      - type: object
        mapping: $.
    - name: listuserdesktopauthenticators
      description: List desktop authenticators for user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listuserdesktopauthenticators
      outputParameters:
      - type: object
        mapping: $.
    - name: listuserdirectorysyncs
      description: List user directory syncs
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listuserdirectorysyncs
      outputParameters:
      - type: object
        mapping: $.
    - name: syncdirectoryuser
      description: Sync directory user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.syncdirectoryuser
      outputParameters:
      - type: object
        mapping: $.
    - name: sendverificationpush
      description: Send verification Duo Push
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.sendverificationpush
      outputParameters:
      - type: object
        mapping: $.
    - name: getverificationpushresponse
      description: Retrieve verification push result
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.getverificationpushresponse
      outputParameters:
      - type: object
        mapping: $.
    - name: listgroups
      description: List groups
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listgroups
      outputParameters:
      - type: object
        mapping: $.
    - name: creategroup
      description: Create group
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.creategroup
      outputParameters:
      - type: object
        mapping: $.
    - name: updategroup
      description: Update group
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.updategroup
      outputParameters:
      - type: object
        mapping: $.
    - name: getgroupv2
      description: Get group (v2)
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.getgroupv2
      outputParameters:
      - type: object
        mapping: $.
    - name: listgroupusersv2
      description: List group users (v2)
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: duo-security.listgroupusersv2
      outputParameters:
      - type: object
        mapping: $.
    - name: bulkoperations
      description: Bulk operations
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: duo-security.bulkoperations
      outputParameters:
      - type: object
        mapping: $.
binds:
- namespace: env
  keys:
    DUO_SECURITY_USERNAME: DUO_SECURITY_USERNAME
    DUO_SECURITY_PASSWORD: DUO_SECURITY_PASSWORD