¶ Partner Portal - Duo SAML SSO Integration
Exium’s Intelligent Cybersecurity Mesh provides secure access to distributed workforce and IoT devices, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy to use cloud service.
Duo Exium integration handles users seamless access to Exium Partner Portal. Administrators can easily attach Exium security roles to Duo users. Unique features of this integration are
- Simple steps to integrate Duo API with Exium Partner Portal
- Push New Users from Duo to Exium
- Push User Deactivation from Duo to Exium
- Reactivate Users from Duo to Exium
- Single sign-on from Duo to sign-on to Exium Partner Portal
This note explains how to configure Duo Exium application settings and Exium Workspace settings so that Duo Users can be synced with Exium Partner Portal in real time and SSO from Duo can be used to sign-on to Exium Partner Portal.
Following steps elaborate Duo SAML2 API Integration with Exium Partner Portal.
¶ 1. Select Duo as Sign-in Option on Exium
To change Duo as Sign-in option, Click on Settings tab on Admin Console on Exium partner portal as shown below.
Click on General tab in Settings page and copy Tag as shown below. This is required to configure Duo in next step.
Click on Sign-in tab in Settings page and select Duo. Copy Entity ID (Identifier) and ACS URL (Reply URL) one after other and keep it. This is required to paste in Duo Exium app in next step.
¶ 2. Create Exium app on Duo
In your Duo account console, you can create Exium application by creating custom SAML app with required configuration settings. On left nav bar, click on Applications, click on Protect an Application under Applications. Search for “Generic SAML” in search bar and click on Protect button on the Generic SAML Service Provider row as shown below
¶ 2.1 Enter App details
Under Metadata section, Click on Copy next to Metadata URL as shown in below screenshot.
¶ 2.2 Add Service Provider (SP) Details
Under Service Provider section, Under Entity ID, Paste SP Entity ID (Entity ID on Exium Portal). (Please refer step 1 to copy these). Under Assertion Consumer Service (ACS) URL, enter https://partner.exium.net/exium/sign-in/<partner_tag>/login (Partner Tag name on Exium Partner portal) at 0 Index and then Paste ACS URL (ACS URL on Exium Portal) at 1 Index as shown below
¶ 2.3 Add Attribute Mapping
Scroll down to SAML Response section, and Attributes sub-section, select <Display Name> under IdP Attribute and enter givenname under SAML Response Attribute.
¶ 2.4 App Name and Save
Finally on Settings section, Enter Name, optionally, voice greeting and then click on Save button as shown below.
¶ 3. Update Metadata XML on Exium Portal
As a next step, Sign-in option on Exium Partner Portal has to be saved by filling-in IDP Metadata XML URL. The metadata xml url is copied from Duo console on step 2.1.
On Exium Partner Portal, On Sign-In tab of Settings Page, Paste IDP Metadata XML URL and click on Save as shown below.
¶ 4. Verify SSO on Exium Service URL
If you are part of admin group, you can access partner portal through SSO. you can enter your workspace name on partner portal by entering the partner tag. Browser opens one more tab for Duo authentication. (Note: Some browsers block popups. You need to allow the popup to allow one more tab to be opened to take Duo authentication).
After successful authentication, it’ll show the message that “User is successfully Verified.” You can close the tab, then you’ll be in admin console in the original tab where you have entered workspace name. If the SSO verified user is not part of admin user, it gives an error that you don’t have access.
¶ 5. Check Users on Exium
All the users assigned to Exium app are synced through SAML to Exium partner portal when they login to service. On Exium Partner Portal, Click on Users box. Under Users page, you will see all the assigned users (with associated groups) are synced from Duo to Exium.
If you have any issue during integration, contact us at support@exium.net or raise a ticket on https://exium.net/help-center/
If you would like to see how Exium can help defend your organisation, contact us at hello@exium.net