SSO AuthenticationSAML 2.0
Duo Security
Configure Duo Single Sign-On as a SAML 2.0 identity provider for Safeguard.
Duo Security
- In the Duo Admin Panel, go to Applications → Protect an Application, and protect Generic SAML Service Provider (via Duo Single Sign-On).
- Under SAML Response, set Entity ID to the SP Entity ID Safeguard shows after Save, and Assertion Consumer Service (ACS) URL to the ACS URL Safeguard shows after Save.
- Set NameID format to Email Address and NameID value to Email address.
- Under SAML Response → Attributes, add an attribute named
emailmapped to Email address — separate from the NameID setting above. - Copy the Single Sign-On URL, Entity ID, and Certificate from the Metadata section.
- In Safeguard, click Add Provider → SAML 2.0 → Duo Security, and enter those three values.
- Confirm an Authentication Source (your upstream directory — AD, Azure, Google, etc.) is linked to this Duo SSO application.
- Click Test in Safeguard to confirm.
Common errors: an "AuthSource error" at Duo means the Duo SSO Authentication Source isn't linked to this application yet — link it under the application's settings before testing.