Configure Cisco Duo Security for MFA
Cisco Duo is a multi-faceted authentication provider and can only be used on your Auth0 tenant if all other factors are disabled. Your Duo account can be configured to support push notifications, SMS, OTP, phone callback, and more.
If other factors are enabled with other providers, you cannot also enable Duo. Duo is only available to users when it is the sole factor enabled.
The user will see a prompt for the second factor with Duo, listing the options you have enabled in your Duo account.

Your users can download Duo from Google Play or from the App Store for use as a second factor.
Prerequisite
Create an integration in Duo Security of type Web SDK and capture the assigned credentials. See the Duo documentation for more details on Duo setup.
Configure Duo
You will use the Duo credentials to fill in the Duo settings in the Auth0 Dashboard.
Go to Dashboard > Multifactor Auth and toggle Duo Security.
Click Duo Security and Enter the information in the fields to link your Duo account to Auth0.
Click Save.
Override 30-day MFA session
Duo does not provide an option for "Remember Me" behavior, so a 30-day MFA session is hard-coded to remember a logged-in user and not prompt them every time they log in. If you want to force your users to log in with Duo every time, you can create a rule with allowRememberBrowser: false
.
function (user, context, callback) {
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
callback(null, user, context);
}