Create the Cloud Application in Duo
...
Click the "Protect an Application" button on the Applications page. Search for the "saml service provider" then click the "Proctect Protect this Application" link.
Enter the following information about your cloud app vendor in the Service Provider section:
Name | Description |
|---|---|
| Service Provider Name | https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com |
| Entity ID | https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com |
| Assertion Consumer Service | https://<onelist hostname>/rolemanager/signin-duo, e.g. https://iqx.onelistapprovals.com/rolemanager/signin-duo |
| Single Logout URL | Leave it empty |
| Service Provider Login URL | Leave it empty |
| Default Relay State | Leave it empty |
...
Name | Description |
|---|---|
| NameID format | urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName |
| NameID attribute | sAMAccountName |
| Send attributes | All |
| Signature Algorithm | SHA-256 |
| Sign response | Leave this option enabled |
| Sign assertion | Leave this option enabled |
| Map attributes | Leave empty |
| Create attributes | Leave empty |
Complete the rest on the page as required then download the configuration file for the Duo Access Gateway configuration.
...
Detail instructions: https://duo.com/docs/dag-windows#create-a-cloud-application-in-duo
- The minimum requirement for authentication source configuration.
| Authentication Source | Required Attributes |
|---|---|
| Active Directory | sAMAccountName,mail,givenname,sn |
- Upload the Cloud Application configuration JSON file.
- Download the "XML metadata" file for OneList configuration: