Configure Duo as a SAML source
- In the Duo Admin Portal, select Applications.
- Select Protect an Application.
- Search and select Generic Service Provider.
- Select the option with Protection Type 2FA with SSO hosted by Duo.
Add Service Provider metadata to Duo
- In the Service Provider section of your cloud application in Duo, enter the Entity ID and ACS URL.
- In the Entity ID field, paste the Security Console Entity ID URL, for example:
- In the Assertion Consumer Service (ACS) URL field, paste the Security Console ACS URL, for example:
- If the ACS URL contains a hostname/FQDN, set a Base Entity URL in the InsightVM Security Console.
Configure attributes in Duo
- In the Duo NameID format field, set the format to nameid-format:emailAddress.
- Set the NameID attribute to Email Address.
- Set the Signature Algorithm to SHA-256.
Download and upload metadata
- On Duo’s Metadata page, click Download XML Metadata file.
- In the Security Console, go to the Administration page.
- In the Console section, click Authentication: 2FA and SSO.
- Click Configure SAML Source.
- Click Choose File and select the metadata XML file you downloaded from Duo.
- Click Save.
- Restart the console services.
- On the Administration page, under User Management, click Add User.
- Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value.
- Select SAML Authorization Method > SAML.
- Select the User Role.
- Assign Site and Asset Group Permissions.
- Click Save.
- Log in to your Duo application landing page.
- Select the Rapid7 InsightVM Console tile.