Skip to main content
Red Canary help

Set up single sign-on to Duo

  • Updated .

Red Canary supports single sign-on (SSO) to any Security Assertion Markup Language (SAML)-compliant identity provider. Duo is a commonly used identity provider that you can use to control access to Red Canary.

Setting up single sign-on to Duo

  1. Go to your Duo Admin dashboard, click Applications, and then Protect an Application.
    mceclip0.png
  2. Type "service provider" into the search bar and click Protect this Application under SAML - Service Provider.
  3. Set Service provider name to Red Canary.
  4. Set Entity ID to the value listed in the Red Canary SSO configuration's Entity / Issuer value.
  5. Set Assertion Consumer Service to https://<your_domain>.my.redcanary.co/saml_sp/consume
  6. Set Service Provider Login URL to https://<your_domain>.my.redcanary.co/users/sign_in
  7. Set Single Logout URL to
    https://<your_domain>.my.redcanary.co/users/logout
  8. Set NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress 
  9. Set NameID Attribute to mail.
  10. Set SendAttributes to all.
  11. Ensure Sign Resource and Sign Assertion are both checked.
  12. Map mail to Email.
    Saml.png
  13. Save the configuration.
  14. Under the Settings section, set the application's user-visible Name to Red Canary.
  15. Finally, scroll to the top of the application and click Download your configuration file.
  16. Login to your Duo Access Gateway management interface and navigate to Applications.
  17. Upload the certificate file downloaded in the previous step into the Add Application Configuration file box and click Upload.
    duo.png
  18. After the configuration file has been uploaded scroll to the Metadata section of the page and click Download certificate. Keep this page open for the next step.
    metadata.png
  19. Click your user icon at the top right of your Red Canary, and then click Single Sign-On.
  20. Paste the certificate you downloaded in the previous step into the Identity Provider x509 Cert (Base64 encoded) field.
  21. Set Identity Provider SSO Target URL to the SSO URL from your Duo Access Gateway metadata.
  22. Set Identity Provider SLO Target URL to the Logout URL from your Duo Access Gateway metadata.
  23. Set Identity Provider Entity ID to the Entity ID from your Duo Access Gateway metadata.
  24. Set Email Attribute to Email.
  25. Check This SSO configuration should be active.
  26. Click Save.

Your users should now see Red Canary in their Duo Application Launcher:

access.png

Comments

0 comments

Please sign in to leave a comment.