Create the Cloud Application in Duo
Detailed instructions: https://duo.com/docs/dag-generic
Click the "Protect an Application" button on the Applications page. Search for "saml service provider", then click the "Protect this Application" link.
Enter the following information about your cloud app vendor in the Service Provider section:
Name | Description |
---|---|
Service Provider Name | https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com |
Entity ID | https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com |
Assertion Consumer Service | https://<onelist hostname>/rolemanager/signin-duo, e.g. https://iqx.onelistapprovals./signin-duo |
Single Logout URL | Leave it empty |
Service Provider Login URL | Leave it empty |
Default Relay State | Leave it empty |
Enter the following information in the SAML Response section:
Name | Description |
---|---|
NameID format | urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName |
NameID attribute | sAMAccountName |
Send attributes | All |
Signature Algorithm | SHA-256 |
Sign response | Leave this option enabled |
Sign assertion | Leave this option enabled |
Map attributes | Leave empty |
Create attributes | Leave empty |
Complete the rest of the page as required, then download the configuration file for the Duo Access Gateway configuration.
Duo Access Gateway configuration
Detailed instructions: https://duo.com/docs/dag-windows#create-a-cloud-application-in-duo
Authentication Source | Required Attributes |
---|---|
Active Directory | sAMAccountName,mail,givenname,sn |
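
The following Python check is an added example, not part of the Duo or OneList documentation. It inspects a captured SAML response for the settings in the tables above: response and assertion both declaring a SHA-256 signature, the NameID format, and the four Active Directory attributes. It assumes the attributes are sent under the names listed, that the gateway sets `Destination` to the Assertion Consumer Service URL, and that "SHA-256" means the RSA-SHA256 algorithm URI; the sample response is constructed, and the check reads structure only without verifying signatures.

```python
import xml.etree.ElementTree as ET  # not hardened; use only on responses you captured yourself

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # assumed meaning of "SHA-256"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
REQUIRED_ATTRS = {"sAMAccountName", "mail", "givenname", "sn"}
# Constructed from the page's URL pattern and its example hostname.
ACS = "https://iqx.onelistapprovals.com/rolemanager/signin-duo"
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       '<ds:SignatureMethod Algorithm="%s"/></ds:SignedInfo></ds:Signature>')

def _sig_alg(element):
    """Return the declared algorithm of a direct-child ds:Signature, or None."""
    method = element.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    return None if method is None else method.get("Algorithm")

def check_response(xml_text, acs_url):
    """List deviations from the configured settings (declared values only)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["p"]:
        return ["root element is not samlp:Response"]
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Assertion Consumer Service URL")
    if _sig_alg(root) != RSA_SHA256:
        problems.append("response is not signed with SHA-256")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion found"]
    if _sig_alg(assertion) != RSA_SHA256:
        problems.append("assertion is not signed with SHA-256")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID format is not WindowsDomainQualifiedName")
    names = {a.get("Name") for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    missing = REQUIRED_ATTRS - names
    if missing:
        problems.append("missing attributes: " + ", ".join(sorted(missing)))
    return problems

def sample_response(assertion_alg=RSA_SHA256):
    """Constructed sample: structure only, no real signature values."""
    attrs = "".join('<a:Attribute Name="%s"/>' % n for n in sorted(REQUIRED_ATTRS))
    return ('<p:Response xmlns:p="%s" xmlns:a="%s" Destination="%s">' % (NS["p"], NS["a"], ACS)
            + SIG % RSA_SHA256 + '<a:Assertion>' + SIG % assertion_alg
            + '<a:Subject><a:NameID Format="%s">EXAMPLE\\jdoe</a:NameID></a:Subject>' % NAMEID_FORMAT
            + '<a:AttributeStatement>' + attrs + '</a:AttributeStatement></a:Assertion></p:Response>')
```

An empty list from `check_response(sample_response(), ACS)` means the response matches the settings; each string returned names one setting to recheck in the Duo Admin Panel or the gateway's authentication source.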