Revver has the ability to integrate with DUO SSO.
Enable Duo Single Sign-On
Role required: Owner
Log in to the Duo Admin Panel and click Single Sign-On in the navigation bar on the left.
Review the information on the "Single Sign-On" page. If you agree to the terms, check the box and then click Activate and Start Setup.
On the Customize your SSO subdomain page you can specify a subdomain you'd like your users to see when they are logging in with Duo Single Sign-On. For example, you can enter acme and users would see acme.login.duosecurity.com in the URL when logging into Duo Single Sign-On.
Click Save and continue to use the desired subdomain or click Complete later to skip this step for now.
4. On the Add Authentication Source page select SAML Identity Provider as your authentication source. Click the button at the bottom of the option you'd like to use to add that source type, and follow the instructions in the next section.
Configure your SAML Identity Provider
On the "Single Sign-On Configuration" page scroll down to Configure your SAML Identity Provider. This is the Duo Single Sign-On metadata information you'll need to provide to your SAML identity provider to configure Duo Single Sign-On as a service provider.
Configure your SAML identity provider to:
Send a NameIDFormat of urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
Send a NameID attribute that matches your users' Duo usernames.
On the "Single Sign-On Configuration" page scroll down to 2. Configure SAML Identity Provider's Attributes. Configure your SAML identity provider to send the following required attribute values. Attribute names must be sent to Duo Single Sign-On corresponding to the "Attribute Name Sent" column below:
SAML IdP Attribute | Attribute Name Sent |
Email Address | |
Full Name | DisplayName |
First Name | FirstName |
Last Name | LastName |
You may configure additional attributes to send in addition to the required attributes
Once you've configured Duo Single Sign-On as a service provider within your SAML identity provider continue to the next section.
Configure Duo Single Sign-On Authentication Source
On the Duo Admin Panel "Single Sign-On Configuration" page scroll down to 3. Configure Duo Single Sign-on.
Fill out the fields listed below using information from your SAML identity provider:
Name | Description |
Display Name | A name so that you can easily identify the provider. |
Entity ID | The global, unique name for your SAML identity provider. This is provided by your SAML identity provider and is sometimes referred to as "Issuer". |
Single Sign-On URL | The authentication URL for your identity provider. This is sometimes referred to as "SSO URL" or "Login URL". |
Single Logout URL | This field is optional and currently unused by Duo Single Sign-On. This field my be used in the future. The logout URL for your identity provider. This is sometimes referred to as "SLO URL" or "Logout Endpoint". |
Logout Redirect URL | This field is optional. When this field is populated, after logging a user out of Duo Single Sign-On they will be redirected to the URL in this field. |
Certificate | Download the signing certificate for your identity provider, and then click the Browse button to select the downloaded certificate. |
Username normalization | Controls whether or not usernames entered for primary authentication should be altered before trying to match them to a Duo user account. When set to None, the usernames narroway, EXAMPLE\narroway, and [email protected] would be three separate users in Duo. When set to Simple, any domain information is stripped from the username sent to Duo, so narroway, EXAMPLE\narroway, and [email protected] would all resolve to a single "narroway" Duo user.
Default: Simple. |
Once all the required information is filled out click Save.
Enable Revver Single Sign-On
Create SAML
In Revver go to the Navigation Menu, Select select Account Settings and then the Single Sign-On Tab. Please click to Create SAML Configuration.
Identify
Give it a name to help identify the connection being used.
Issuer: in this field paste the Azure AD Identifier url. It should look something like https://sts.windows.net/########-####-####-###-############
Entity ID: use https://account.efilecabinet.net/ or you can use what your custom branding url that was configured in Revver.
In the Signature Section select Choose File and reference the certificate that you downloaded from Azure AD.
Click the Create button.
You’ll need to go back into the SSO/SAML configuration and at the bottom of the window will be a section titled Endpoints. In that section is a Login URL which will be something like https://account.efilecabinet.net/api/saml/##. Copy the URL in the Revver SAML settings.
Enter the SAML information into DUO and Revver
Now that the settings in Revver have been finished, it’s time to finalize your setup
Identifier (Entity ID): use the same url that you choose to use for the Entity ID in the Revver configuration side. If this doesn’t match the value you used in Revver the connection will fail.
Reply URL: this is where you put the URL that is generated at the bottom of the Revver SSO configuration window, it’s be something along the lines of https://account.efilecabinet.net/api/saml/##
If you have further questions did you know that we offer interactive trainings here: revverdocs.com/open-office-hours
If you have technical difficulties, or encounter errors, please contact our technical service team at: https://www.revverdocs.com/chat