Login
      Contents x
      Set Up Single Sign-on with Duo
      • 21 Jun 2024
      • 1 Minute to read
      • PDF
      Contents

      Set Up Single Sign-on with Duo

      • Updated on 21 Jun 2024
      • 1 Minute to read
      • PDF
      Article summary

      Red Canary supports single sign-on (SSO) to any Security Assertion Markup Language (SAML)-compliant identity provider. Duo is a commonly used identity provider that you can use to control access to Red Canary.

      Step 1: Duo–Set up single sign-on

      1. Go to your Duo Admin dashboard, click Applications, and then Protect an Application.

        mceclip0.png

      2. Type “service provider” into the search bar and under SAML - Service Provider click Protect this Application.

      3. Set Service provider name to Red Canary.

      4. Set Entity ID to the value listed in the Red Canary SSO configuration's Entity / Issuer value.

      5. Set Assertion Consumer Service to https://.my.redcanary.co/saml_sp/consume

      6. Set Service Provider Login URL to https://.my.redcanary.co/users/sign_in

      7. Set Single Logout URL to: https://.my.redcanary.co/users/logout

      8. Set NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress 

      9. Set NameID Attribute to mail.

      10. Set SendAttributes to all.

      11. Ensure Sign Resource and Sign Assertion are both checked.

      12. Map mail to Email.

        Saml.png

      13. Save the configuration.

      14. Under the Settings section, set the application’s user-visible Name to Red Canary.

      15. Finally, scroll to the top of the application and click Download your configuration file.

      16. Login to your Duo Access Gateway management interface and navigate to Applications.

      17. Upload the certificate file downloaded in the previous step into the Add Application Configuration file box and click Upload.

        duo.png

      18. After the configuration file has been uploaded scroll to the Metadata section of the page and click Download certificate. Keep this page open for the next step. metadata.png

      19. Click your user icon at the top right of your Red Canary, and then click Single Sign-On.

      20. Paste the certificate you downloaded in the previous step into the Identity Provider x509 Cert (Base64 encoded) field.

      21. Set Identity Provider SSO Target URL to the SSO URL from your Duo Access Gateway metadata.

      22. Set Identity Provider SLO Target URL to the Logout URL from your Duo Access Gateway metadata.

      23. Set Identity Provider Entity ID to the Entity ID from your Duo Access Gateway metadata.

      24. Set Email Attribute to Email.

      25. Check This SSO configuration should be active.

      26. Click Save.

      Your users should now see Red Canary in their Duo Application Launcher:

      access.png

      Was this article helpful?
      What's Next
      PRODUCTS
      USE RED CANARY
      SUPPORT
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout