Connect Rippling to Duo Security to automate MFA enrollment and policy assignment tied to employee role and department.
The Rippling–Duo Security integration automates multi-factor authentication enrollment and policy assignment based on employee role and department. New employees are automatically enrolled in Duo with the correct authentication policy, and access is revoked immediately when they're offboarded in Rippling.
Companies often apply the same MFA policy to all employees regardless of role, missing the opportunity to enforce stricter authentication — like hardware security keys — for higher-risk positions such as finance and IT administrators.
thePeopleStack configures provisioning rules between Rippling and Duo Security, including role-based MFA policy mapping for higher-risk positions, and validates that offboarding immediately revokes MFA enrollment.

Duo Security deployments for thePeopleStack's Rippling clients are structured around US MFA policy enforcement tied to Rippling department and role-based access requirements.
Canadian and cross-border operations: for Canadian employees, Duo Security provisioning follows the standard onboarding and offboarding workflow with no additional configuration required.
Duo Security supports SCIM provisioning, allowing Rippling to automate MFA enrollment and policy assignment tied to employment status changes.
Yes, through group mapping. Higher-risk roles — finance, engineering, IT admins — can be assigned stricter MFA policies, such as requiring hardware security keys rather than push notifications.
When a termination is processed in Rippling, Duo Security access is revoked, ensuring the former employee's MFA enrollment can't be used to authenticate into any connected systems.
Duo often serves as the MFA layer within a broader identity stack, working alongside Rippling's identity provisioning and other systems like Okta for a defense-in-depth security posture.
Standard configuration takes 2–3 hours.