search
Adaptiva.comSupport

Configure SSO with DUO Security

Adaptiva integrates with DUO Security using the OpenID Connect (OIDC) protocol to provide single sign-on (SSO). In this setup, DUO acts as the identity provider (IdP) and manages user authentication, while Adaptiva relies on DUO to authenticate users and validate OIDC tokens. This allows your users to login with their DUO credentials adding an extra layer of security.

Below is a walkthrough on how to setup a relying party in DUO and then use the generated information to setup an OIDC provider in the OneSite Platform.

hashtag
Create a Generic OIDC Relying Party - SSO

First we'll begin by creating an application integration in the DUO security admin portal.

  1. Select Applications > Manage > Applications, then click the + Add application button.

  2. Search for Generic OIDC Relying Party and click + Add.

hashtag
Basic Configuration

  1. Change the Application Name.

    • e.g. Adaptiva SSO

  2. Select either Enable only for permitted groups or Enable for all users.

hashtag
Metadata

Upon creation, DUO populates the following fields that you'll need to complete your OIDC setup in the Adaptiva Admin Portal.

  • Client ID

  • Client Secret - For versions 9.3 and above.

  • Issuer - Base URL for every endpoint.

hashtag
Relying Party

  1. If you are using versions 9.1 or 9.2, you will need to check the Allow PKCE only authentication box.

  2. Add the redirect URL using the format below:

    • https://<ServerFQDN>:[Port]/login/oidc-redirect

  3. Scroll the the very bottom and click Save.

hashtag
Add users on DUO

By default, admin users are not added to the User list, so you will need to add those manually for all users you wish to use the DUO SSO.

  1. Select Users > Users from the side navigation.

  2. Click the Add User button and enter the user information then click the Add User button.

    If Enable for All users was selected for the Application, this new user will be automatically added. However, if Enable only for permitted groups was selected these users will need to be added to specific groups to be included in the OIDC application.

hashtag
Create an OIDC Provider

Follow the steps on the Configure OIDC page, the one-to-one translation of information that is specific to DUO is below:

  • Authority - This is the Issuer base URL from DUO that you can copy and paste in the Authority field.

  • Client ID - This is the Client ID from DUO.

If using 9.1-9.2:

  • Client Authentication Type - Select Client Secret (Post) from the dropdown.

  • Client Secret - This is the Client Secret from DUO.

    View from DUO Application dashboard:

    View from Adaptiva server settings:

hashtag
Log in page

After Duo Security and the OneSite Platform have been federated using OIDC, an SSO button will appear on the login page. Once clicked, users will be redirected to a Duo login page and granted access to OneSite Platform.

PreviousConfigure SSO with Entra IDNextConfigure SSO with Okta

Last updated

Was this helpful?