Prerequisites:
- A Duo account
- A Duo Admin with the Owner role
- Duo Single Sign-On is deployed and configured
Create the application for Auvik in the Duo Admin Panel
- Log in to the Duo Admin Panel
- Navigate to your sub account where you wish to protect Auvik
- Click on Applications
- In the search panel, search for Service provider
- Click on Protect on Generic Service Provider
- Select Protection Type of 2FA with SSO hosted by Duo (Single Sign-On)
Configuring SAML in Auvik and Duo
- Obtain SAML configuration information and certificate from Duo
  - In the Auvik application that you created above, copy the following values from the Metadata section:
    - Entity ID
    - Single Sign-On URL
  - Under Downloads, click Download Certificate next to Certificate
- Configure SAML in Auvik
  - Go to your Auvik site
  - Click Settings
  - Click on the Authentication tab
  - Click Browse on the IdP Signature Certificate field to upload your SAML Signing Certificate from Duo
  - Enter the Duo Entity ID in the IdP Issuer URI field and the Single Sign-On URL in the IdP Single Sign-On URL field
  - Click Save
  - Copy the Audience URI, ACS URL, and RelayState
- Complete the SAML configuration in Duo
  - Navigate to the Service Provider section in the application we’ve protected in the steps above in the Duo Admin Panel
  - Enter the values that you copied from Auvik into their corresponding fields

    | Duo Field Name | Auvik Field Name |
    | --- | --- |
    | Entity ID | Audience URI |
    | Assertion Consumer Service | ACS URL |
    | Default Relay State | RelayState |

  - Navigate to the SAML Response section in the application settings in the Duo Admin Panel
  - Set the NameID format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  - Set the NameID attribute to <Email Address>
  - Set the Signature algorithm to SHA-256
  - Under Signing options, check the box next to Sign assertion and leave Sign response unchecked
  - In the Map Attributes section, map the following attributes

    | IdP Attribute | SAML Response Attribute |
    | --- | --- |
    | <First Name> | firstName |
    | <Last Name> | lastName |
    | <Email Address> | email |

  - Under Settings, rename the application to Auvik
  - Click Save
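To confirm the settings above took effect, you can decode the SAML response from a test login and check its structure against them. The script below is an added example, not code from Duo or Auvik; the function name, the placeholder hosts and the sample XML are constructed, and it checks structure only, not the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(xml_text, idp_entity_id, audience_uri):
    """List where a decoded SAML response differs from the settings in the steps above.
    Structure only: the signature value is NOT cryptographically verified here."""
    root = ET.fromstring(xml_text)  # run only on a response captured from your own test login
    asr = root.find("a:Assertion", NS)
    if asr is None:
        return ["no Assertion element"]
    problems = []
    if root.find("ds:Signature", NS) is not None:
        problems.append("response is signed; 'Sign response' should be unchecked")
    method = asr.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("assertion is not signed")
    elif not method.get("Algorithm", "").endswith("sha256"):
        problems.append("signature algorithm is not SHA-256")
    if asr.findtext("a:Issuer", namespaces=NS) != idp_entity_id:
        problems.append("Issuer does not match the Duo Entity ID")
    aud = asr.findtext("a:Conditions/a:AudienceRestriction/a:Audience", namespaces=NS)
    if aud != audience_uri:
        problems.append("Audience does not match the Auvik Audience URI")
    name_id = asr.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    names = {x.get("Name") for x in asr.findall("a:AttributeStatement/a:Attribute", NS)}
    for missing in sorted({"firstName", "lastName", "email"} - names):
        problems.append("missing attribute " + missing)
    return problems

# Constructed sample (placeholder hosts, signature value omitted), not a real Duo response.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<a:Assertion><a:Issuer>https://idp.example/entity</a:Issuer>
<ds:Signature><ds:SignedInfo><ds:SignatureMethod
 Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></ds:SignedInfo></ds:Signature>
<a:Subject><a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 >user@example.com</a:NameID></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>https://sp.example/audience</a:Audience>
</a:AudienceRestriction></a:Conditions>
<a:AttributeStatement><a:Attribute Name="firstName"/><a:Attribute Name="lastName"/>
<a:Attribute Name="email"/></a:AttributeStatement></a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "https://idp.example/entity", "https://sp.example/audience") or "OK")
```

Pass the Entity ID copied from Duo and the Audience URI copied from Auvik as the second and third arguments; an empty list means the response matches the configuration described above.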