Menu

How Do I Enable SSO/SAML for Duo?

Avatar
Maddy Townsend
Updated
Follow

How Do I Configure SSO/SAML with Duo?

The below steps will allow you to configure single sign-on with Duo SSO. This will enable your users to automatically sign-in to KnowBe4 for their security awareness training.

You'll need a Duo subscription to follow the steps below. For additional assistance, review Duo's documentation.

  1. From the Duo Admin Panel, navigate to Applications > Protect an Application.
  2. Search for SAML – Service Provider.
  3. Select Protect this Application.
  4. Enter the following information in the Service Provider section:

    Service provider name Enter the name you want to be associated with this login 
    Entity ID KnowBe4
    Assertion Customer Service

    Enter the Callback URL
    Single Logout URL (Optional)

    Enter the Sign in URL
    Service Provider Login URL (Optional)

    Enter the Sign out URL

    Note:

    The Callback URL, Sign in URL, and Sign out URL can be found under the SAML section of your Account Settings page. Navigate to this area by clicking your email address in the top-right, then click Account Settings.

  5. In the SAML Response Fields, select the following options:

    NameID format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    NameID attribute mail
    Send attributes NameID

    Leave all other fields at their default settings. 

  6. Click Save Configuration to save your changes.
  7. Click Download your configuration file to export the configuration via .json file to your Duo Access Gateway Admin server.
  8. Next, you will need to upload the configuration file. You can do this from the Duo Access Gateway server's console. Click the Configure icon.
  9. Select the .json file you exported. Then, click Upload.
  10. Contact KnowBe4 support to complete the configuration. You will need to provide them with your Duo Access Gateway SHA1 Fingerprint and the target URL. To retrieve the SHA1 Fingerprint and target URL:
    • Log in to your Duo Access Gateway administrative page and select Applications. Under the Metadata section, you'll find the SHA-1 Fingerprint and the SSO URL (this is the target URL).
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles