Skip to content

BizRatings Sign-in Security with Duo Universal Prompt

← Knowledge Base

Important Notice: BizRatings Duo Universal Web SDK Updated 2/2/2026 to Duo_universal_csharp 1.3.0

Per Duo’s guidance, February 2, 2026 is considered a soft deadline. The underlying certificate changes are not expected to be strictly enforced until the March 31, 2026 hard cutover, which allows for additional testing and validation. 

Post-Upgrade Instructions: Regenerating Duo Web SDK Credentials

After upgrading the BizRatings Duo Web SDK version during the scheduled maintenance window, it is critical to regenerate your Duo Web SDK credentials to maintain secure and uninterrupted authentication.

Steps to Regenerate Client ID, Client Secret, and API Hostname

  1. Log in to the Duo Admin Panel
    Go to https://admin.duosecurity.com and authenticate with your administrator credentials.

  2. Access the Application Configuration
    Navigate to Applications → Protect an Application
    Locate the existing BizRatings Duo Access application (Web SDK / OIDC).

  3. Regenerate Credentials
    Within the application settings:

    • Find the Client ID and Client Secret fields
    • Click the option to regenerate or reset these credentials
    • Confirm any prompts

  4. Verify API Hostname
    Confirm the API Hostname remains correct or update it if necessary based on Duo's latest configuration.

  5. Update BizRatings Configuration
    Login to BizRatings as an Admin User:
    BizRatings → Company Profile → Expand your Company Name → Setup MFA - Replace the old Client ID, Client Secret, and API Hostname in your BizRatings admin configuration with the newly generated values. Save to deploy the updated configuration.

  6. Test Authentication Flow
    Log out and log back into BizRatings.
    Confirm the Duo Universal Prompt appears and authentication completes successfully.

BizRatings Duo Two Factor Authentication (2FA) & Duo Universal Prompt Setup Guide

Part 1: End User Guide — Logging In with Duo 2FA

What Duo 2FA Is

Duo Two Factor Authentication adds an extra layer of security to your BizRatings account.
After entering your email and password, you’ll verify your identity using a second method such as a Duo Push, passcode, or security key.

How to Log In

  1. Enter Your Credentials
    On the BizRatings login page:

    • Enter your email address
    • Enter your password
    • Select Remember Me if desired
    • Click Login
    • If needed, select Forgot Password? to reset your credentials

  2. Complete Duo Authentication
    After submitting your credentials, the Duo Universal Prompt will appear.
    You may authenticate using:

    • Duo Push (recommended)
    • Passcode from the Duo Mobile app
    • Phone call
    • SMS code
    • Security key or biometric method (if enabled)

Part 2: Administrator Guide — Configuring Duo Universal Prompt for BizRatings

This section explains how to configure Duo Universal Prompt using Duo’s Web SDK (OIDC) and how to create the application named BizRatings Duo Access.

Step 1: Log In to the Duo Admin Panel

Go to the Duo Admin Panel
Navigate to Applications → Add an Application

Step 2: Create the Application

Search for Web SDK or OIDC Web SDK (depending on your Duo edition)
Click Protect to create a new application
Set the Application Name to: BizRatings Duo Access

Step 3: Enable Duo Universal Prompt

Inside the application settings:

  • Locate the Universal Prompt section
  • Set Enable Universal Prompt to ON
  • Set User access to Enable for all users
  • Under Settings > Username normalization --> Select "Simple 
  • Save your changes

Step 4: Configure OIDC Settings

BizRatings uses Duo’s OIDC-based Web SDK. You will need the following values from Duo:

  • Client ID
  • Client Secret
  • API Hostname

In the Duo Admin Panel:

  • Copy the Client ID
  • Copy the Client Secret
  • Copy the API Hostname
  • Save the application

Step 5: Configure Duo Web SDK in BizRatings

Login to BizRatings as an Admin User: 
BizRatings → Company Profile → Expand your Company Name → Setup MFA

  • Insert the Client ID
  • Insert the Client Secret
  • Insert the API Hostname
  • Confirm that the BizRatings Duo Access application is selected
  • Click Apply Duo 2FA Settings to deploy your changes
  • Activate Duo 2FA for Employees via Setup MFA – Employee Link

Once configured, BizRatings will automatically redirect users to the Duo Universal Prompt during login.

Step 6: Test the Integration

  • Log out of BizRatings
  • Log back in using a test account
  • Confirm that the Duo Universal Prompt appears
  • Complete authentication
  • Verify that you are redirected back to BizRatings successfully

Troubleshooting

Common Duo Errors

  • “Client ID or Secret invalid”
    Re-copy values from Duo and confirm no whitespace or formatting issues.

  • Universal Prompt not appearing
    Check that the Universal Prompt toggle is enabled in Duo.