Duo Application Registration

Create the Cloud Application in Duo

Detailed instructions: https://duo.com/docs/dag-generic

Click the "Protect an Application" button on the Applications page. Search for "saml service provider", then click the "Protect this Application" link.

Enter the following information about your cloud app vendor in the Service Provider section:

Service Provider Name: https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com
Entity ID: https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com
Assertion Consumer Service: https://<onelist hostname>/rolemanager/signin-duo, e.g. https://iqx.onelistapprovals.com/rolemanager/signin-duo
Single Logout URL: Leave it empty
Service Provider Login URL: Leave it empty
Default Relay State: Leave it empty

Enter the following information in the SAML Response section:

NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
NameID attribute: sAMAccountName
Send attributes: All
Signature Algorithm: SHA-256
Sign response: Leave this option enabled
Sign assertion: Leave this option enabled
Map attributes: Leave empty
Create attributes: Leave empty

Complete the rest of the page as required, then download the configuration file for the Duo Access Gateway configuration.
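
To confirm the settings above took effect, inspect a decoded SAML response captured from a test login. The Python check below is an added example, not part of the original instructions or of Duo or OneList code. It assumes the standard SAML 2.0 layout (Destination carries the Assertion Consumer Service URL, Audience carries the Entity ID), runs on a constructed sample, and checks structure only, not signature validity.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def check_response(xml_text, onelist_host):
    """Return mismatches between a decoded SAML response and the settings on this page."""
    entity_id = f"https://{onelist_host}"
    acs = f"{entity_id}/rolemanager/signin-duo"
    # Parse only responses from your own test login; ElementTree is not hardened XML parsing.
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    if assertion is None:
        return ["no Assertion element"]
    problems = []
    # "Sign response" and "Sign assertion": each element needs its own direct-child Signature.
    for label, node in (("response", resp), ("assertion", assertion)):
        sig = node.find("ds:Signature", NS)
        method = None if sig is None else sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        if sig is None:
            problems.append(f"{label} is not signed")
        elif method is None or not method.get("Algorithm", "").endswith("sha256"):
            problems.append(f"{label} signature is not SHA-256")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID format mismatch")
    audience = assertion.find("a:Conditions/a:AudienceRestriction/a:Audience", NS)
    if audience is None or (audience.text or "").strip() != entity_id:
        problems.append("Audience does not equal Entity ID")
    if resp.get("Destination") != acs:
        problems.append("Destination does not equal Assertion Consumer Service")
    return problems

def sample(sig_alg=RSA_SHA256, signed_assertion=True):
    """Constructed sample response; the Signature elements are structural stubs."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{sig_alg}"/></ds:SignedInfo></ds:Signature>')
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" '
            f'Destination="https://iqx.onelistapprovals.com/rolemanager/signin-duo">{sig}'
            f'<a:Assertion>{sig if signed_assertion else ""}'
            f'<a:Subject><a:NameID Format="{NAMEID_FORMAT}">EXAMPLE\\jdoe</a:NameID></a:Subject>'
            f'<a:Conditions><a:AudienceRestriction><a:Audience>https://iqx.onelistapprovals.com'
            f'</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>')
```

An empty list from `check_response(sample(), "iqx.onelistapprovals.com")` means the response matches the Service Provider and SAML Response values entered above.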

Duo Access Gateway configuration

Detailed instructions: https://duo.com/docs/dag-windows#create-a-cloud-application-in-duo

  • The minimum requirement for authentication source configuration:
      Authentication Source: Active Directory
      Required Attributes: sAMAccountName,mail,givenname,sn
  • Upload the Cloud Application configuration JSON file.
  • Download the "XML metadata" file for OneList configuration: