Environment
- App Control: 8.1.0 and higher
- DUO Console
Objective
Configure SAML integration with DUO for two-factor authentication for App Control (formerly CB Protection)
Resolution
- While logged into DUO Admin Panel (web console)
- Go to "Applications" on the left panel
- Add a new application
- In the App Control Console
- Go to Settings Menu > System Configuration > SAML Login
- Under the Service Provider section, click "Manual"
- Fill in the following fields in the Service Provider section:
  - Service Provider Name
  - Entity ID from the CbP Configuration page
  - Assertion Consumer Service (Single Sign-On URL)
  *The rest of the fields may remain blank
- Fill in the following fields in the SAML Response section:
  - NameID is currently not relevant, but in the future we will support the emailAddress format, so for now change NameID format to emailAddress and NameID attribute to mail
  - In the Mapped attributes section, add an attribute with SAML Response Attribute set to "EmailAddress" and IdP Attribute set to "mail"
- Click "Save Configuration"
- Continue until the "Configure SAML Service Provider" screen, and click "Download your configuration file"
- Now log into the Duo Access Gateway
- Navigate to Applications on the left side menu
- Click "Browse" and select the configuration file downloaded from SAML Response (Step 2)
- Click "Upload"
- The option to download the IDP XML file should be available
- Download the XML file
- In the App Control Console
- Go to Configuration menu > System Configuration > SAML Login.
- Click "Add Identity Provider".
- Input the IDP Name and paste or upload the XML
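After a test login, the settings from the SAML Response section can be checked against what the IdP actually sends. The following is an added example, not code from the vendor documentation: it assumes you copied the base64 `SAMLResponse` form value (HTTP-POST binding) from your own browser's developer tools, and that the attribute arrives under the exact name "EmailAddress" configured above; the sample responses are constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_saml_response(b64_response):
    """Return a list of problems found in a base64-encoded SAMLResponse.

    Configuration sanity check only: it does not verify the XML signature,
    so never use it to decide whether an assertion can be trusted.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in assertion")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is %r, expected emailAddress" % name_id.get("Format"))
    # Collect every value sent under the mapped attribute name "EmailAddress".
    values = [
        (v.text or "").strip()
        for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == "EmailAddress"
        for v in a.iterfind("saml:AttributeValue", NS)
    ]
    if not any(values):
        problems.append('no "EmailAddress" attribute with a value')
    return problems

def _sample(nameid_format, attr_name):
    # Constructed, unsigned sample response; the user and values are made up.
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>'
        '<saml:Subject><saml:NameID Format="%s">user@example.com</saml:NameID></saml:Subject>'
        '<saml:AttributeStatement><saml:Attribute Name="%s">'
        '<saml:AttributeValue>user@example.com</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], nameid_format, attr_name)
    return base64.b64encode(xml.encode()).decode()

GOOD = _sample(EMAIL_FORMAT, "EmailAddress")  # matches the settings above
BAD = _sample("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "mail")

if __name__ == "__main__":
    print(check_saml_response(GOOD))
    print(check_saml_response(BAD))
```

An empty list means the response carries both the emailAddress NameID format and the "EmailAddress" attribute; a captured response contains user identity data, so delete it after checking.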
Additional Notes
Review the CB Protection User Guide section "Logging In Using SAML"