Configuring Single Sign-On (SSO) with Duo
This article explains how to configure the SAML SSO integration of Duo with Quickpass.
Prerequisites
- Duo configured with the user accounts that will be used for accessing Quickpass..
- Primary or Super Role in Quickpass
- Owner or Administrator role for Duo
- All of your Technicians configured in Login Management in Quickpass will need an account in Duo with exactly the same email address.
Manual - https://support.getquickpass.com/hc/en-us/articles/360040722434-How-to-Setup-Quickpass-Dashboard-Logins
Bulk Import - https://support.getquickpass.com/hc/en-us/articles/4411037813783-How-to-Bulk-Import-Quickpass-Dashboard-Logins- Note the Primary and Super Roles will still be able to login with their Quickpass Account username and password to allow access in the case of challenges with the SSO.
- Initial configuration steps as per https://support.getquickpass.com/hc/en-us/articles/4419178721559-Setting-up-Dashboard-Logins-for-SSO-SAML-
- Before turning this feature on, log in to your Quickpass account twice - once in a regular browser and once in an incognito/private window or another browser. This is to ensure that you are still logged in to your account if you get locked out in the other window.
Instructions
- Log in to the Duo Portal. In the left-hand menu, click Applications
- Click Protect an Application at the top of the screen.
- Search for Generic Service Provider. Select the 2FA with SSO HOSTED BY Duo by clicking Protect
- Duo Metadata values to be placed in the Quickpass SAML SSO Setup Screen
- Certificate and FingerPrints
- Download the Certificate File from the Duo page and save it somewhere temporarily while completing the setup.
- Open this file in a Text Editor
- Copy the contents
- Paste the Value into the SAML SSO - Certificate on the Quickpass Dashboard (ensure that there are no leading or trailing spaces before or after the ---- characters)
- Copy the SHA-256 Fingerprint from the Duo Setup page and Paste it into the Quickpass Fingerprint box.
- On the Quickpass SAML SSO Page click on Save.
- Download the Certificate File from the Duo page and save it somewhere temporarily while completing the setup.
- Duo Service Provider Configuration
- Entity ID
- Enter your Quickpass Entity ID value from the Quickpass Dashboard
- Paste that value into the Entity ID value on the Duo Service Provider Page
- Assertion Consumer Service (ACS) URL
NA or Oceania https://admin.getquickpass.com/api/auth/sso/login/callback EU https://eu-admin.getquickpass.com/api/auth/sso/login/callback
- Default Relay State
- Enter your Quickpass Entity ID value from the Quickpass Dashboard
- Entity ID
- Duo SAML Response
- Duo Policy
- These values should be based upon your Duo Sign In Policy for your company. These values are likely already configured for your Technical Team based upon your configuration of Duo.
https://duo.com/docs/policy
- These values should be based upon your Duo Sign In Policy for your company. These values are likely already configured for your Technical Team based upon your configuration of Duo.
- Duo Settings
- Name - Give the new application a name (we suggest Quickpass SSO)
- Other Values will be adjusted based upon the behaviour you want to have happen when the Technician signs into Duo.
- Permitted Groups
- This can be left blank if you want to allow all of your technicians currently setup with Duo to use the sign in process.
- Remember that the Technician Login Roles must also be created in Quickpass Login Management
https://support.getquickpass.com/hc/en-us/articles/360040722434-How-to-Setup-Quickpass-Dashboard-Logins
- Remember that the Technician Login Roles must also be created in Quickpass Login Management
- You can create a Duo Group if you wish to have a specific set of Technicians that use the SSO to sign in to Quickpass if you wish.
https://duo.com/docs/using-groups
- This can be left blank if you want to allow all of your technicians currently setup with Duo to use the sign in process.
- Click the SAVE button at the bottom of the screen,
Testing
- In another browser or an Incognito/Private Browser Log open the Quickpass Dashboard
NA or Oceania https://admin.getquickpass.com EU https://eu-admin.getquickpass.com - Click Log In with SSO
- Enter the Email Address that is configured for the Login Role Account you are testing - Click Log In
- You should be prompted to sign into the Duo Single Sign-On just as you normally are.
- Sign in with the credentials from the SSO Source you normally use.
- You should be prompted with whichever Duo Sign In options you configured in the Duo Policy Section
- Approve the Duo Push or other Authentication method used for Duo SSO.
- Upon approval, the Technician should be logged into the Quickpass Dashboard with the proper account and permissions as assigned in the Quickpass Login Management.
Duo Central
If your team uses Duo Central to keep a list of applications that your Team can use for SSO Sign In.
- Click Add Tile
- Select Application Tile
- Put the checkmark in the box for the Application you configured above.
- Click Add tile
- Click the Edit Link
- Click Add Custom Logo
- Download this file and use it for the Logo.
- Click Save.
- You can now use this to directly sign into the Quickpass SSO Login Page.
Comments
0 comments
Please sign in to leave a comment.