This article covers how to set up Duo as your identity provider for Umbrella SWG SAML.
Configuring Duo for SAML
In the Duo Admin Portal:
- Go to Applications > Protect an Application
- Search for “Generic Service Provider” and select “2FA with SSO self - hosted"
- Set Entity ID: saml.gateway.id.swg.umbrella.com
- Set Assertion Consumer Service: https://gateway.id.swg.umbrella.com/gw/auth/acs/response
- Click Save Configuration
- Download the configuration JSON file from the top of the page
- Install the Duo Access Gateway: https://duo.com/docs/dag
- Import the JSON file from step 7 into the DAG Web UI > Applications
- Download the DAG Metadata xml file from the DAG Web UI.
On the Umbrella Dashboard:
- Go to Deployments > Configuration > SAML Configuration > Add
- Select Duo Security as the SAML Provider and click NEXT
- Select XML File Upload and click NEXT. Do not need to download the Umbrella Metadata file.
- Upload the Duo Access Gateway Metadata file downloaded in step 10.
- Click NEXT.
- Set Re-Authenticate users period to your required time.
- Test Configuration and Save