Introduction
Enable Single Sign-On from Duo to your Canary Console with these steps.
Step 1: SAML parameters
Log in to your Console, click the green Gear Icon at the top right-hand side of your screen, select "Global Settings" and scroll down to the SAML section at the bottom of the page. There you will find the info for your Console (pictured below) that you'll need later:

Step 2: Duo clients configuration
Log in to your Duo Admin Panel.
- Select Applications in the navigation bar on the left
- Click Protect an Application
- Search for Generic SAML Service Provider
- Click Configure

Download the SAML Metadata by clicking Download XML

In the Service Provider section, enter the Entity ID and ACS URL from Step 1.

In the SAML Response section set the following:
- NameID format to SAML:1.1:nameid-format:emailAddress
- NameID attribute to Email Address
- Signature algorithm to SHA256
- Signing options to only Sign assertion

And click "Save".

Your Duo configuration is done!
Step 3: Send us the SAML Metadata
Send the SAML metadata file from Step 2 to us in a support ticket at support@canary.tools and we will configure your Console with the IdP metadata and confirm when SAML support is fully set up.
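
Before attaching the file to the ticket, it is worth checking that it really is IdP metadata and noting the signing certificate fingerprint so it can be compared with what ends up configured on the Console. The script below is an added example, not Canary or Duo code; the function names are hypothetical, the sample metadata is constructed with placeholder values, and the NameIDFormat check assumes the metadata advertises formats at all.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: entityID, URL and certificate bytes are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.invalid/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>UExBQ0VIT0xERVItTk9ULUEtUkVBTC1DRVJU</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Location="https://idp.example.invalid/saml2/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def summarize(xml_text):
    """Pull out the fields worth reviewing before the file leaves your hands."""
    if "<!DOCTYPE" in xml_text:  # metadata never needs a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    ders = [base64.b64decode("".join((c.text or "").split()))
            for c in idp.iter(DS + "X509Certificate")]
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": [s.get("Location") for s in idp.findall(MD + "SingleSignOnService")],
        "nameid_formats": [(n.text or "").strip() for n in idp.findall(MD + "NameIDFormat")],
        "cert_sha256": [hashlib.sha256(d).hexdigest() for d in ders],
    }

def problems(s):
    """Reasons to hold the file back; an empty list means the basics check out."""
    checks = [
        (not s["entity_id"], "missing entityID"),
        (not s["sso_urls"] or any(not (u or "").startswith("https://") for u in s["sso_urls"]),
         "SSO endpoint missing or not HTTPS"),
        (not s["cert_sha256"], "no signing certificate"),
        (bool(s["nameid_formats"]) and EMAIL_FORMAT not in s["nameid_formats"],
         "emailAddress NameID format not advertised"),
    ]
    return [msg for bad, msg in checks if bad]
```

To use it on the real download, read the XML file into a string and pass it to `summarize`, then keep the reported `cert_sha256` values with the ticket.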
Step 4: Test login from the Console
You'll know it's working when you see your Console Login page show a "Login with SSO" button:

Click the button to initiate the SSO login.