Integrating Duo SSO with Grip Security


Overview

Duo Single Sign-On (SSO) is a cloud-hosted identity provider (IdP) supporting SAML 2.0 and an OpenID Connect provider (OP). It enhances popular cloud services like Microsoft 365 and Amazon Web Services with two-factor authentication and access policy enforcement through SSO protocols.

This article guides you through integrating Duo SSO with Grip Security by creating a new SAML application in Duo and configuring the necessary settings in Grip Security.

Prerequisites

  • Access to the Duo administration panel.

  • Access to the Grip Security portal.

Integrating Duo SSO with Grip Security

  1. From the Duo Administration page, select Applications on the left panel.

  2. On the Applications panel, select Protect an Application.

  3. Search for custom, and in the row Generic Service Provider, 2FA with SSO hosted by Duo (Single Sign-On), click Protect.

  4. In Duo SSO, under 'Service Provider', enter the values for 'Entity ID' and 'Assertion Consumer Service (ACS) URL'.

Copy these values from the Grip Security portal according to the instructions below:

How to get SAML Settings, Entity ID, and Assertion Consumer Service (ACS) URL

  • From Grip, go to System (A) » Users & Permissions tab (B) under SSO Provider » DuoSSO » click on Connect (C).

  • Copy the SAML Settings, Entity ID (D), and Assertion Consumer Service (ACS) URL (E).

  5. In Duo SSO, under SAML Response, enter the information as follows:

  • NameID format: Leave as default

  • NameID attribute: Leave as default

  • IdP Attribute: <Email Address>

  6. Select Enable User Attribute Transformations, and select Set this as my NameID attribute.

  7. Enter the following in the Transformation Rules text box:

  • use "<Email Address>"

  • make_lowercase

Under Settings, in the Name field enter "Grip Security SSO App".

  • Click Save.

  • Stay on the Applications page. Under Metadata, copy the contents of the Metadata URL.

  • In Grip Security, select Integrations and in the Duo SSO pane click Connect.

  • Under Identity Provider details, enter the SAML Metadata URL copied from the Metadata URL field in Duo SSO.
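
To confirm the settings above took effect, the following check (an added example, not part of the original article and not Duo's or Grip's code) decodes a SAMLResponse captured from a test login and compares it with the Entity ID, ACS URL and lowercase email NameID configured in these steps. The URLs, function names and sample responses are constructed placeholders; the check assumes an unencrypted assertion and does not validate the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders; substitute the Entity ID and ACS URL copied from Grip.
ENTITY_ID = "https://grip.example.invalid/saml/metadata"
ACS_URL = "https://grip.example.invalid/saml/acs"

def check_saml_response(b64_response, entity_id=ENTITY_ID, acs_url=ACS_URL):
    """Return the list of mismatches between a SAMLResponse and the SP settings."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination is not the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion in the response"]
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if "@" not in name_id:
        problems.append("NameID is not an email address")
    if name_id != name_id.lower():
        problems.append("NameID is not lowercase (make_lowercase not applied)")
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient is not the ACS URL")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append("Audience does not include the Entity ID")
    return problems

def build_sample(name_id, audience=ENTITY_ID, recipient=ACS_URL):
    """Constructed, unsigned SAMLResponse for exercising the checks offline."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{recipient}"><saml:Assertion><saml:Subject>'
        f'<saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation>'
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
        f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
        f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(build_sample("alice@example.com")))  # matches the settings
    print(check_saml_response(build_sample("Alice@Example.com")))  # transformation missing
```

The SAMLResponse value is the base64 form field posted to the ACS URL during login; pass it to check_saml_response together with the Entity ID and ACS URL shown in Grip.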