¶ Duo SAML SSO Integration
Exium’s Intelligent Cybersecurity Mesh provides secure access to distributed workforce and IoT devices, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy to use cloud service.
Duo Exium integration handles users seamless access to Exium. Administrators can easily attach Exium security policy groups to Duo users. Unique features of this integration are
- Simple steps to integrate Duo API with Exium
- Push New Users from Duo to Exium
- Push User Deactivation from Duo to Exium
- Reactivate Users from Duo to Exium
- Single sign-on from Duo to sign-on to Exium
This note explains how to configure Duo Exium application settings and Exium Workspace settings so that Duo Users can be synced with Exium Workspace in real time and SSO from Duo can be used to sign-on to Exium Service.
Following steps elaborate Duo SAML2 API Integration with Exium
¶ 1. Select Duo as Sign-in Option on Exium
¶ 1.1 Copy Workspace Name
To copy workspace name, follow below steps.
- Navigate to the MSP admin console → Companies
- Click on Admin Console → Settings (alternatively Settings & Subscriptions on left bottom and Settings) as shown below.
Click on Profile tab in Settings page and copy Workspace as shown below. This is required to configure Duo in next step.
¶ 1.2 Change Sign-In Option
As a next step, configure Duo as Sign-in Type. Follow below steps.
- Navigate to the MSP admin console → Companies
- Click on Integrations → SCIM/SAML SSO
- Select Duo as Sign-In Type
- Copy ACS URL (Reply URL) and Entity ID (Identifier) one after other to paste in Duo as explained in next step.
¶ 2. Create Exium app on Duo
In your Duo account console, you can create Exium application by creating custom SAML app with required configuration settings. On left nav bar, click on Applications, click on Protect an Application under Applications. Search for “Generic SAML” in search bar and click on Protect button on the Generic SAML Service Provider row as shown below
¶ 2.1 Enter App details
Under Metadata section, Click on Copy next to Metadata URL as shown in below screenshot.
¶ 2.2 Add Service Provider (SP) Details
Under Service Provider section, Under Entity ID, Paste SP Entity ID (Entity ID on Exium Portal). (Please refer step 1 to copy these). Under Assertion Consumer Service (ACS) URL, enter https://service.exium.net/exium/sign-in/<workspace_name>/login (Workspace name on Exium Portal) at 0 Index and then Paste ACS URL (ACS URL on Exium Portal) at 1 Index as shown below.
¶ 2.3 Add Attribute Mapping
Scroll down to SAML Response section, and Attributes sub-section, select <Display Name> under IdP Attribute and enter givenname under SAML Response Attribute.
¶ 2.4 App Name and Save
Finally on Settings section, Enter Name, optionally, voice greeting and then click on Save button as shown below.
¶ 3. Update Metadata XML on Exium Portal
As a next step, Sign-in option on Exium Portal has to be saved by filling-in IDP Metadata XML URL. The metadata xml url is copied from Duo console on step 2.1.
On Exium admin console On SCIM/SAML SSO Page, Paste IDP Metadata XML URL and click on Save as shown below.
¶ 4. Verify SSO on Exium Service URL
If you are part of admin group, you can access admin console through SSO. you can enter your workspace name on service portal by entering the workspace name. Browser opens one more tab for Duo authentication. (Note: Some browsers block popups. You need to allow the popup to allow one more tab to be opened to take Duo authentication).
After successful authentication, it’ll show the message that “User is successfully Verified.” You can close the tab, then you’ll be in admin console in the original tab where you have entered workspace name. If the SSO verified user is not part of admin user, it gives an error that you don’t have access.
If you have any issue during integration, contact us at support@exium.net or raise a ticket on https://exium.net/help-center/
If you would like to see how Exium can help defend your organisation, contact us at hello@exium.net