Integrating Duo SSO with Grip Security

  • Published on Jan 4, 2025
  • 1 minute(s) read
  • mF

Overview

Duo Single Sign-On (SSO) is a cloud-hosted identity provider (IdP) supporting SAML 2.0 and an OpenID Connect provider (OP). It enhances popular cloud services like Microsoft 365 and Amazon Web Services with two-factor authentication and access policy enforcement through SSO protocols.

This article guides you through the process of integrating Duo SSO with Grip Security, by creating a new SAML application in Duo and configuring the necessary settings in Grip Security.

Prerequisites

  • Access to the Duo administration panel.

  • Access to the Grip Security portal.

Integrating Duo SSO with Grip Security

  1. From the Duo Administration page, select Applications on the left panel.

  2. On the Applications panel, select Protect an Application.
     

  3. Search for custom, and in the row Generic Service Provider, 2FA with SSO hosted by Duo (Single Sign-On), click Protect.
     

  4. In Duo SSO, under Service Provider, enter values for Entity ID and Assertion Consumer Service (ACS) URL. Copy these values from the Grip Security portal as follows:

a) In the Grip Dashboard, select Integrations and in the Duo SSO pane click Connect.

b) Copy the contents of the Identity ID field and paste them into the Identity ID field in Duo SSO.

c) Copy the contents of the Assertion Consumer Service (ACS) URL field and paste into the Assertion Consumer Service (ACS) URL field in Duo SSO.

  1. In Duo SSO, under SAML Response, enter the information as follows:

    • NameID format: Leave as default

    • NameID attribute: Leave as default

    • IdP Attribute: <Email Address>
       

  2. Select Enable User Attribute Transformations, and select the Set this as my NameID attribute.

  3. Enter the following in the Transformation Rules text box:

    • Use <Email Address>

    • make_lowercase



  4. Under Settings, in the Name field enter "Grip Security SSO App".
     

  5. Click Save.

  6. Stay on the Applications page. Under Metadata, copy the contents of the Metadata URL.

  7. In Grip Security, select Integrations and in the Duo SSO pane click Connect.

  8. Under Identity Provider details, enter the SAML Metadata URL copied from the Metadata URL field in Duo SSO

Summary

After following the procedure described in this article, you have integrated Duo SSO with Grip Security.

Related articles