Configure Duo as a SAML source

Create a new SAML Application in Duo

  1. In the Duo Admin Portal, select Applications.
  2. Select Protect an Application.
  3. Search and select Generic Service Provider.
  4. Select the option with Protection Type 2FA with SSO hosted by Duo.

Add Service Provider metadata to Duo

  1. In the Service Provider section of your cloud application in Duo, enter the Entity ID and ACS URL.
  2. In the Entity ID field, paste the Security Console Entity ID URL, for example: http://rapid7.com/nsc/console/…
  3. In the Assertion Consumer Service (ACS) URL field, paste the Security Console ACS URL, for example: https://<console-hostname>:<console-port>/saml/SSO
  4. If the ACS URL contains a hostname or FQDN, set a Base Entity URL in the InsightVM Security Console.

Configure attributes in Duo

  1. In the Duo NameID format field, set the format to nameid-format:emailAddress.
  2. Set the NameID attribute to Email Address.
  3. Set the Signature Algorithm to SHA-256.

Download and upload metadata

  1. On Duo’s Metadata page, click Download XML Metadata file.
  2. In the Security Console, go to the Administration page.
  3. In the Console section, click Authentication: 2FA and SSO.
  4. Click Configure SAML Source.
  5. Click Choose File and select the metadata XML file you downloaded from Duo.
  6. Click Save.
  7. Restart the console services.

Create a user in the Security Console

  1. On the Administration page, under User Management, click Add User.
  2. Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value.
  3. Select SAML Authorization Method > SAML.
  4. Select the User Role.
  5. Assign Site and Asset Group Permissions.
  6. Click Save.

Authenticate to InsightVM using SAML

  1. Log in to your Duo application landing page.
  2. Select the Rapid7 InsightVM Console tile.