Duo Security two-factor authentication for Roundcube. Users have multiple ways to authenticate, including: 1. One-tap authentication using Duo’s mobile app. 2. One-time passcodes generated by Duo’s mobile app (works even with no cell coverage) 3. One-time passcodes delivered to any SMS-enabled phone. 4. Phone callback to any phone (mobile or landline!) 5. One-time passcodes generated by an OATH-compliant hardware token

Installs: 114

Dependents: 0

Suggesters: 0

Stars: 2

Watchers: 2

Forks: 2

Open Issues: 0

Type: roundcube-plugin

v1.0.6 2019-12-19 21:17 UTC


This is a Roundcube webmail plugin that enables Duo Security Two Factor Authentication.


It creates an additional page after successful username/password authentication that requires a 2nd Factor of Authentication using Duo Security (push, sms, call, hardware token code).


Install using Composer (https://getcomposer.org) from the root directory of your roundcube installation:

Run $ composer require lmr/duo_auth

Run $ composer dumpautoload -o


Copy config.inc.php.dist to config.inc.php and modify as necessary. Enter all keys necessary for integration with Duo in the config.inc.php file. Assuming a Duo integration has already been created in Duo's Admin Panel, you will be able to find all the information requested in the config.inc.php there.


Author: Alexios Polychronopoulos - Wrote duo_auth for Roundcube.

Author: Leonardo Mariño-Ramírez - Updated the plugin for compatibility with Roundcube 1.3.0.

Author: Johnson Chow - Added support for IPv4 CIDR matching and 2FA overrride for specific users.