How can we help?

Configuring Auvik with Duo Single Sign-On

Follow

Prerequisites:

  • A Duo account
  • A Duo Admin with the Owner role
  • Duo Single Sign-On is deployed and configured

Create the application for Auvik in the Duo Admin Panel

  1. Log in to the Duo Admin Panel
  2. Navigate to your sub account where you wish to protect Auvik
  3. Click on Applications
  4. In the search panel, search for Service provider
  5. Click on Protect on Generic Service Provider
  6. Select Protection Type of 2FA with SSO hosted by Duo (Single Sign-On)
    Screenshot 2024-04-10 at 10.21.01 AM.png

Configuring SAML in Auvik and Duo

  1. Obtain SAML configuration information and certificate from Duo
    • In Auvik application that you created above, copy the values from the Metadata section of:
      • Entity ID
      • Single Sign-On URL
    • Under Downloads, click Download Certificate next to Certificate
      Screenshot 2024-04-10 at 10.33.47 AM.png
  2. Configure SAML in Auvik
    • Go to your Auvik site
      Screenshot 2024-04-10 at 10.46.34 AM.png
    • Click Settings
    • Click on the Authentication tab
      Screenshot 2024-04-10 at 10.49.25 AM.png
    • Click Browse on the IdP Signature Certificate field to upload your SAML Signing
      Certificate from Duo
    • Enter the Duo Entity ID in the IdP Issuer URI field and the Single Sign-On URL in the IdP Single Sign-On URL field.
      Screenshot 2024-04-10 at 10.53.42 AM.png
    • Click Save
    • Copy the Audience URI, ACS URL, and RelayState
      Screenshot 2024-04-10 at 10.56.04 AM.png
  3. Complete the SAML configuration in Duo
    • Navigate to the Service Provider section in the application we’ve protected in the steps
      above in the Duo Admin Panel
    • Enter the values that you copied from Auvik into their corresponding fields
      Duo Field Name Auvik Field Name
      Entity ID Audience URI
      Assertion Customer Service ACS URL
      Default Relay State RelayState
      Screenshot 2024-04-10 at 11.12.26 AM.png
    • Navigate to the SAML Response section in the application settings in the Duo Admin
      Panel
    • Set the NameID format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    • Set the NameID attribute to <Email Address>
    • Set the Signature algorithm to SHA-256
    • Under Signing options check the box next to Sign assertion, leave Sign response unchecked
    • In the Map Attributes section, map the following attributes
      IdP Attribute SAML Response Attribute
      <First Name> firstName
      <Last Name> lastName
      <Email Address> email
      Screenshot 2024-04-10 at 11.19.55 AM.png
    • Under Settings rename the application to Auvik
    • Click Save
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request