How to configure Duo SAML SSO

SSO is intended for accounts with multiple users who take the extra security measure of signing into third-party applications using an identity provider.

Prerequisites

You'll need a Duo account with admin access to complete the configuration.

Duo Configuration

Please complete the following steps:

1. Login to a Duo admin account
2. Click Protect an Application
3. Search for “generic service provider”
4. Find “Protection Type”:2FA with SSO hosted by Duo and click Protect
5. A modal will pup up. Click Ok.
6. You’ll be taken to a screen with some pieces of information we’ll need:
   1. All of the Metadata fields (copy/paste these to send to your Customer Success Manager)
      1. Entity ID
      2. Single Sign-On URL
      3. Single Sign-Out URL
      4. Metadata URL
   2. The certificate
      1. Click Download Certificate and send the file to us
7. Input the following items in the Service Provider section
   1. Entity ID = https://portal.cubesoftware.com/users/auth/sso/saml/metadata
   2. ASC URL = https://portal.cubesoftware.com/users/auth/sso/saml/acs/___
      1. Note - the trailing "__" at the end of this URL would be the name of your company
      2. Please send this URL to your CSM along with the items from step 6 above
8. In the Map Attributes section, configure the following IdP Attribute <> SAML Response Attribute mappings:

You should now have the following pieces of information to share with your CSM:

1. Entity ID
2. Single Sign-On URL
3. Single Sign-Out URL
4. Metadata URL
5. The downloaded certificate
6. ASC URL

Accessing your account with single sign-on (SSO)

Once Customer Success has configured Duo SAML SSO for your Cube instance, you'll be able to use it to sign in:

1.  Select Using Single Sign-On?

2. Input your company email address, then click Submit

3.  You will be redirected to your organization's sign in page.

4. After a successful sign in, you will be redirected to Cube.