Are we talking about adding 2FA to Tenable logins? Or are we talking about sending Authentication Log data to Tenable as seen with other apps here: http://www.tenable.com/integrations ?
For the former -
if they support LDAP or RADIUS authentication - you can use Auth Proxy
if they support SAML you can use ADFS or Duo Access Gateway
for any kind of native Duo support, they would need to build this functionality into their product; like Lastpass, Onelogin, Splunk, etc. These vendors can use the WebSDK to provide the best possible authentication experience. https://duo.com/support/documentation/duoweb . Once the functionality is built on their side, we can work with them to get official docs on our docs page.
Sometimes people will use a VPN or bastion host and protect that - if the application in question allows you to restrict where logins originate from.
For the latter we would be back to the Admin API like for your Sumologic question.
thank you for the update. they can use SAML, however I’m not looking to maintain another system with Duo Access Gateway on the premise, hence the request for the API integration.