Create the Cloud Application in Duo

Detail instructions: https://duo.com/docs/dag-generic.

Click the "Protect an Application" button on the Applications page. Search for the "saml service provider" then click the "Protect this Application" link.

Enter the following information about your cloud app vendor in the Service Provider section:

Name	Description
Service Provider Name	https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com
Entity ID	https://<onelist hostname>, e.g. https://iqx.onelistapprovals.com
Assertion Consumer Service	https://<onelist hostname>/rolemanager/signin-duo, e.g. https://iqx.onelistapprovals.com/rolemanager/signin-duo
Single Logout URL	Leave it empty
Service Provider Login URL	Leave it empty
Default Relay State	Leave it empty

Enter the following information in the SAML Response section

Name	Description
NameID format	urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
NameID attribute	sAMAccountName
Send attributes	All
Signature Algorithm	SHA-256
Sign response	Leave this option enabled
Sign assertion	Leave this option enabled
Map attributes	Leave empty
Create attributes	Leave empty

Complete the rest on the page as required then download the configuration file for the Duo Access Gateway configuration.

Duo Access Gateway configuration

Detail instructions: https://duo.com/docs/dag-windows#create-a-cloud-application-in-duo

The minimum requirement for authentication source configuration.

Authentication Source	Required Attributes
Active Directory	sAMAccountName,mail,givenname,sn

Upload the Cloud Application configuration JSON file.
Download the "XML metadata" file for OneList configuration:

Browser not supported