Configure Duo as a SAML source
Create a new SAML Application in Duo
- In the Duo Admin Portal, select Applications.
- Select Protect an Application.
- Search and select Generic Service Provider.
- Select the option with Protection Type 2FA with SSO hosted by Duo.
Add Service Provider metadata to Duo
- In the Service Provider section of your cloud application in Duo, enter the Entity id and ACS URL.
- In the Entity id field, paste the Security Console Entity ID URL, for example:
http://rapid7.com/nsc/console/…
- In the Assertion Consumer Service (ACS) URL field, paste the Security Console ACS URL, for example:
https://<console-hostname>:<console-port>/saml/SSO
- If the ACS URL contains a hostname or FQDN, set a Base Entity URL in the InsightVM Security Console.
Configure attributes in Duo
- In the Duo NameID format field, set the format to nameid-format:emailAddress.
- Set the NameID attribute to Email Address.
- Set the Signature Algorithm to SHA-256.
Download and upload metadata
- On Duo’s Metadata page, click Download XML Metadata file.
- In the Security Console, go to the Administration page.
- In the Console section, click Authentication: 2FA and SSO.
- Click Configure SAML Source.
- Click Choose File and select the metadata XML file you downloaded from Duo.
- Click Save.
- Restart the console services.
Create a user in the Security Console
- On the Administration page, under User Management, click Add User.
- Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value.
- Select SAML Authorization Method > SAML.
- Select the User Role.
- Assign Site and Asset Group Permissions.
- Click Save.
Authenticate to InsightVM using SAML
- Log in to your Duo application landing page.
- Select the Rapid7 InsightVM Console tile.