This article is the second part of Setting up SAML SSO on Duo - part 1. This will show you how to set up application on Duo and integrate it with Creative Force.
Step 1: Set up application
Sign in to the Duo Admin Panel. From the left menu, click Applications and then click Protect an Application.
2. Search for Generic SAML Service Provider.
3. Click Protect next to the Generic Service Provider application with a Protection Type of 2FA with SSO hosted by Duo. The configuration page for the Generic SAML Service Provider opens.
4. In the Service Provider
Entity ID : Input “SP Entity ID” from SSO - How to setup SSO in CF
Assertion Consumer Service (ACS) URL: Input “SP Assertion Consumer Service Url” from SSO - How to setup SSO in CF
Default Relay State: Input “RelayState” from SSO - How to setup SSO in CF. Fill this in if you want to login to CF directly from Duo.
5. Click Download certificate in the Downloads section.
6. In the SAML Response section do the following
For NameID format select either urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
For NameID attribute select <Email Address>
In the Map Attributes section enter the following mappings of Duo IdP user attributes to SAML response attributes
IdP Attribute | SAML Response Attribute |
<Email Address> | |
<First Name> | |
<Last Name> |
7. In the Settings section enter other values in the Name field.
8. Click Save
Step 2: Integrate the application with Creative Force
Follow the steps in the section ‘Set up SAML SSO for Creative Force’ in this article.