SSO is intended for accounts with multiple users who take the extra security measure of signing into third-party applications using an identity provider. Use the steps below to complete this configuration with our team's assistance. If you aren't currently working with someone from our team, please reach out to us so our support team can complete this for you.
You'll need a Duo account with admin access to complete the configuration.
Duo Configuration
Please complete the following steps:
- Log in to a Duo admin account.
- Click Protect an Application
- Search for Generic SAML Service Provider in the Application column and 2FA with SSO hosted by Duo in the Protection Type column. Click Protect.
- Click Ok on the window that opens.
- You’ll be taken to a screen with some pieces of information we’ll need:
- All of the Metadata fields (copy/paste these to share with our team)
- Entity ID
- Single Sign-On URL
- Single Sign-Out URL
- Metadata URL
- The certificate
- Click Download Certificate and send the file to us
- All of the Metadata fields (copy/paste these to share with our team)
- Input the following items in the Service Provider section:
- Entity ID = https://portal.cubesoftware.com/users/auth/sso/saml/metadata
- ASC URL = https://portal.cubesoftware.com/users/auth/sso/saml/acs/___
- Note - the trailing "__" at the end of this URL would be the name of your company
- Please send this URL to our team along with the items from Step 6 above
- In the Map Attributes section, configure the following IdP Attribute and SAML Response Attribute mappings:
IdP Attribute | SAML Response Attribute |
<Email Address> | User.Email |
<First Name> | User.FirstName |
<Last Name> | User.LastName |
You should now have the following pieces of information to share with us:
- Entity ID
- Single Sign-On URL
- Single Sign-Out URL
- Metadata URL
- The downloaded certificate
- ASC URL
Accessing your account with single sign-on (SSO)
After our team has configured Duo SAML SSO for your Cube instance, you'll be able to use it to sign in:
1. Select Using Single Sign-On?
2. Input your company email address, then click Submit
3. You will be redirected to your organization's sign-in page and after a successful sign-in, you will be redirected to Cube.