How to Set Up SAML 2.0 SSO with Duo
Written by Ty Toon
Updated over 5 months ago

Revver can integrate with Duo Single Sign-On (SSO).

Enable Duo Single Sign-On

  1. Log in to the Duo Admin Panel and click Single Sign-On in the navigation bar on the left.

  2. Review the information on the "Single Sign-On" page. If you agree to the terms, check the box and then click Activate and Start Setup.

  3. On the Customize your SSO subdomain page you can specify a subdomain you'd like your users to see when they are logging in with Duo Single Sign-On. For example, you can enter acme and users would see acme.login.duosecurity.com in the URL when logging into Duo Single Sign-On.
    Click Save and continue to use the desired subdomain or click Complete later to skip this step for now.


  4. On the Add Authentication Source page select SAML Identity Provider as your authentication source. Click the button at the bottom of the option you'd like to use to add that source type, and follow the instructions in the next section.


Configure your SAML Identity Provider

On the "Single Sign-On Configuration" page scroll down to Configure your SAML Identity Provider. This is the Duo Single Sign-On metadata information you'll need to provide to your SAML identity provider to configure Duo Single Sign-On as a service provider.


Configure your SAML identity provider to:

  • Send a NameIDFormat of urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

  • Send a NameID attribute that matches your users' Duo usernames.

On the "Single Sign-On Configuration" page scroll down to 2. Configure SAML Identity Provider's Attributes. Configure your SAML identity provider to send the following required attribute values. Attribute names must be sent to Duo Single Sign-On corresponding to the "Attribute Name Sent" column below:

  SAML IdP Attribute    Attribute Name Sent
  Email Address         Email
  Full Name             DisplayName
  First Name            FirstName
  Last Name             LastName


You may configure additional attributes to send in addition to the required attributes.

Once you've configured Duo Single Sign-On as a service provider within your SAML identity provider continue to the next section.
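
To confirm that your identity provider sends what this section asks for, you can decode an assertion captured from your own test login and check it. The script below is an added example, not Duo or Revver code: it checks the NameID format and the four required attribute names listed above, does not verify the XML signature, and uses constructed sample assertions (the sample() helper and its values are hypothetical).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
REQUIRED_ATTRS = ("Email", "DisplayName", "FirstName", "LastName")

def check_assertion(xml_text):
    """Return a list of problems; empty means the assertion matches the page.
    Structure check only: the XML signature is NOT verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != REQUIRED_FORMAT:
        problems.append("NameID Format is %r" % name_id.get("Format"))
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        sent[attr.get("Name")] = [v for v in values if v]
    for name in REQUIRED_ATTRS:
        if name not in sent:
            # Assumption: names must match exactly, so point out case-only misses.
            near = [n for n in sent if n and n.lower() == name.lower()]
            hint = " (sent as %r)" % near[0] if near else ""
            problems.append("attribute %s not sent%s" % (name, hint))
        elif not sent[name]:
            problems.append("attribute %s has no value" % name)
    return problems

def sample(fmt, attrs):
    """Build a constructed, unsigned assertion (sample data, not real traffic)."""
    body = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue>'
        '</saml:Attribute>' % kv for kv in attrs.items())
    return ('<saml:Assertion xmlns:saml="%s"><saml:Subject>'
            '<saml:NameID Format="%s">narroway</saml:NameID></saml:Subject>'
            '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
            % (NS["saml"], fmt, body))

GOOD = sample(REQUIRED_FORMAT, {"Email": "narroway@example.invalid",
              "DisplayName": "N Arroway", "FirstName": "N", "LastName": "Arroway"})
BAD = sample("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
             {"email": "narroway@example.invalid", "DisplayName": "", "FirstName": "N"})

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_assertion(doc) or "conforms")
```

Treat captured assertions as sensitive: they carry user identifiers and can be replayed until they expire, so delete them after troubleshooting.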

Configure Duo Single Sign-On Authentication Source

On the Duo Admin Panel "Single Sign-On Configuration" page scroll down to 3. Configure Duo Single Sign-on.

Fill out the fields listed below using information from your SAML identity provider:

  • Display Name: A name so that you can easily identify the provider.

  • Entity ID: The global, unique name for your SAML identity provider. This is provided by your SAML identity provider and is sometimes referred to as "Issuer".

  • Single Sign-On URL: The authentication URL for your identity provider. This is sometimes referred to as "SSO URL" or "Login URL".

  • Single Logout URL: This field is optional and currently unused by Duo Single Sign-On. This field may be used in the future. The logout URL for your identity provider. This is sometimes referred to as "SLO URL" or "Logout Endpoint".

  • Logout Redirect URL: This field is optional. When this field is populated, after logging a user out of Duo Single Sign-On they will be redirected to the URL in this field.

  • Certificate: Download the signing certificate for your identity provider, and then click the Browse button to select the downloaded certificate.

  • Username normalization: Controls whether or not usernames entered for primary authentication should be altered before trying to match them to a Duo user account. When set to None, the usernames narroway, EXAMPLE\narroway, and [email protected] would be three separate users in Duo. When set to Simple, any domain information is stripped from the username sent to Duo, so narroway, EXAMPLE\narroway, and [email protected] would all resolve to a single "narroway" Duo user. Default: Simple.

Once all the required information is filled out click Save.


Enable Revver Single Sign-On

Create SAML

In Revver, go to the Navigation Menu, select Account Settings, and then the Single Sign-On tab. Click Create SAML Configuration.

Identify

Give it a name to help identify the connection being used.

Issuer: in this field, paste the Azure AD Identifier URL. It should look something like https://sts.windows.net/########-####-####-###-############

Entity ID: use https://account.efilecabinet.net/ or your custom branding URL that was configured in Revver.

In the Signature Section select Choose File and reference the certificate that you downloaded from Azure AD.

Click the Create button.

You’ll need to go back into the SSO/SAML configuration and at the bottom of the window will be a section titled Endpoints. In that section is a Login URL which will be something like https://account.efilecabinet.net/api/saml/##. Copy the URL in the Revver SAML settings.


Enter the SAML information into Duo and Revver

Now that the settings in Revver have been finished, it’s time to finalize your setup.

Identifier (Entity ID): use the same URL that you chose for the Entity ID on the Revver configuration side. If this doesn’t match the value you used in Revver, the connection will fail.

Reply URL: this is where you put the URL that is generated at the bottom of the Revver SSO configuration window. It will be something along the lines of https://account.efilecabinet.net/api/saml/##

If you have further questions, we offer interactive trainings here: revverdocs.com/open-office-hours


Need Help?

Contact Technical Services

To get in contact with our technical services team for assistance, select the chat bubble in the lower right corner. Initially you will connect with our AI bot, Fin. If Fin is unable to answer your question, select the talk to a person button below his answer to speak with a member of our technical services department. Fin can also transfer you to a live representative at any time; just ask Fin to "transfer me to a live technician".

