Configuring SAML: Duo

How to configure SAML Single Sign-On (SSO) for your Canary Console using Duo as the Identity Provider (IdP). This guide provides step-by-step instructions to integrate Duo with your Console, enabling secure and seamless authentication.

Enable Single Sign-On from Duo to your Canary Console with these steps.

Step 1: SAML parameters

1. Log in to your Console.

2. Click the green Gear Icon on the top right-hand side of your screen.

3. Select Global Settings.

4. Scroll down to the SAML section at the bottom of the page.

5. Locate the Console info you'll need later.

Step 2: Duo clients configuration

Login to your Duo Admin Panel

1. Select Applications in the navigation bar on the left.
2. Click Protect an Application.

1. Search for Generic SAML Service Provider.
2. Click Configure.

Download the SAML Metadata by clicking Download XML.

In the Service Provider section enter the Entity ID and ACS url from Step 1.

In the SAML Response section set the following:

• NameID format to SAML:1.1:nameid-format:emailAddress.

• NameID attribute to Email Address.

• Signature algorithm to SHA256.

• Signing options to only Sign assertion.

And click Save.

Your Duo configuration is done!

Step 3: Send us the SAML Metadata

Send the SAML metadata file from Step 2 to us in a support ticket at here and we will configure your Console with the IdP metadata and confirm when SAML support is fully set up.

Step 4: Test login from the Console

You'll know it's working when you see your Console Login page show a Login with SSO button:

Click the button to initiate the SSO login.