How Do I Configure SSO/SAML with Duo?
The below steps will allow you to configure single sign-on with Duo SSO. This will enable your users to automatically sign-in to KnowBe4 for their security awareness training.
You'll need a Duo subscription to follow the steps below. For additional assistance, review Duo's documentation.
- From the Duo Admin Panel, navigate to Applications > Protect an Application.
- Search for SAML – Service Provider.
- Select Protect this Application.
- Enter the following information in the Service Provider section:
Service provider name Enter the name you want to be associated with this login Entity ID KnowBe4
Or, if a unique entity ID was generated for your KnowBe4 account, use the ID shown in your Account Settings.
Assertion Customer Service
Enter the Callback URL
Single Logout URL (Optional)
Enter the Sign out URL
Service Provider Login URL (Optional)
Enter the Sign in URL
The Callback URL, Sign in URL, and Sign out URL can be found under the SAML section of your Account Settings page. Navigate to this area by clicking your email address in the top-right, then click Account Settings.
- In the SAML Response Fields, select the following options:
NameID format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress NameID attribute Send attributes
Make sure the "Cryptographically sign response for verification by your service provider" box is checked.
Leave all other fields at their default settings.
- Click Save Configuration to save your changes.
- Click Download your configuration file to export the configuration via .json file to your Duo Access Gateway Admin server.
- Next, you will need to upload the configuration file. You can do this from the Duo Access Gateway server's console. Click the Configure icon.
- Select the .json file you exported. Then, click Upload.
- To finish configuring SAML to your KnowBe4 account, please follow the instructions listed in this article.