Duo

Overview

This guide walks you through configuring Duo Single Sign-On (SSO) using Security Assertion Markup Language (SAML) and integrating Duo with a SAML Identity Provider (IdP). It uses Azure Active Directory (Azure AD) as the example IdP, but the steps are similar for other providers such as Okta and ADFS.

Step 1: Create SAML Source in Duo SSO

If you don't have a SAML source set up in Duo SSO yet, create a new one and share the following information with us to proceed with the configuration:

  • Entity ID: The unique identifier used by your IdP to recognize the Duo application.

  • Assertion Consumer Service (ACS) URL: The endpoint where your IdP sends the SAML authentication responses.

  • Audience Restriction: The identifier for the service provider (Duo) that the IdP should match with the SAML response.

  • Metadata URL: The URL where the IdP can retrieve Duo’s metadata to automatically configure the SSO connection.

Create new SSO SAML source
Duo SAML details

Step 2: Create a SAML Application in Azure AD

  1. Log in to Azure AD:

  2. Register a New Application:

    • Navigate to Azure Active Directory > Enterprise applications.

    • Click on New application.

    • Select Create your own application.

    • Provide a name for the application and choose Integrate any other application you don't find in the gallery (Non-gallery).

  3. Set Up SAML-based SSO:

    • Under the application’s settings, go to Single sign-on.

    • Choose SAML as the single sign-on method.

  4. Basic SAML Configuration:

    • Fill in the following fields:

      • Identifier (Entity ID): Enter the Entity ID value from Step 1.

      • Reply URL (Assertion Consumer Service URL): Enter the Assertion Consumer Service (ACS) URL from Step 1.

      • Sign on URL: Leave this blank unless Duo provides a specific value.

  5. User Attributes & Claims:

    • Ensure the required claims are set up. Typically, you should configure:

      • NameID: Set this to the user’s email address or another unique identifier.

      • FirstName: Given name of the user.

      • LastName: Surname of the user.

  6. SAML Signing Certificate:

    • Edit the Token signing certificate, then download the certificate in PEM format.

Step 3: Configure Duo Single Sign-On

  • Fill in the following fields in Duo with the information from Azure:

    • Entity ID: Enter Microsoft Entra Identifier from Azure

    • Single Sign-On URL: Enter Login URL from Azure

    • Single Logout URL: Enter Logout URL from Azure

Azure SSO
Duo SSO
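
When a test login fails, a decoded SAML response captured from the browser can be compared against the values exchanged in Steps 1 to 3. The following is an added example, not Duo's or Azure's code: the URLs, the sample response and the `check_response` helper are constructed for illustration, and the check is diagnostic only (it does not verify the signature).

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholders: replace with the values from Step 1 and Step 3.
EXPECTED = {
    "idp_entity_id": "https://idp.example.com/tenant-placeholder/",  # Entity ID entered in Duo
    "audience": "https://sso.example.com/sp/placeholder/metadata",   # Audience Restriction
    "acs_url": "https://sso.example.com/sp/placeholder/acs",         # ACS URL
}
REQUIRED_CLAIMS = ("FirstName", "LastName")
# Constructed, unsigned response for illustration (not from a real tenant).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"><a:Assertion>
 <a:Issuer>https://idp.example.com/tenant-placeholder/</a:Issuer>
 <a:Subject><a:NameID>alice@example.com</a:NameID><a:SubjectConfirmation>
  <a:SubjectConfirmationData Recipient="https://sso.example.com/sp/placeholder/acs"/>
 </a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>
  <a:Audience>https://sso.example.com/sp/WRONG/metadata</a:Audience>
 </a:AudienceRestriction></a:Conditions><a:AttributeStatement>
  <a:Attribute Name="FirstName"><a:AttributeValue>Alice</a:AttributeValue></a:Attribute>
 </a:AttributeStatement></a:Assertion></p:Response>"""

def check_response(xml_text, expected=EXPECTED):
    """List mismatches between a decoded SAML response and the configured values."""
    assertion = ET.fromstring(xml_text).find("a:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion (encrypted, or the IdP returned an error)"]
    def text(path):
        el = assertion.find(path, NS)
        return (el.text or "").strip() if el is not None else ""
    problems = []
    if text("a:Issuer") != expected["idp_entity_id"]:
        problems.append("Issuer differs from the IdP Entity ID entered in Duo")
    audiences = {(e.text or "").strip() for e in
                 assertion.iterfind("a:Conditions/a:AudienceRestriction/a:Audience", NS)}
    if expected["audience"] not in audiences:
        problems.append("Audience differs from Duo's Audience Restriction value")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected["acs_url"]:
        problems.append("Recipient differs from Duo's ACS URL")
    if not text("a:Subject/a:NameID"):
        problems.append("NameID is missing or empty")
    present = {el.get("Name") for el in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    problems += [f"claim {c} is missing" for c in REQUIRED_CLAIMS if c not in present]
    return problems
```

Calling `check_response(SAMPLE)` reports the wrong audience and the missing LastName claim; an empty list means the response agrees with the configured values.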

Note: If you experience any issues during the linking process or have questions related to Single Sign-On (SSO) integration, please reach out to our support team at [email protected]. We are available to assist you and ensure a seamless integration with your authentication system.
