Configuring Cisco Duo For SSO
This section documents the standard configuration for Cisco Duo as an identity provider to support log in to the DataGrail app. With this configuration, user roles must be managed within DataGrail.
Persons Needed to Complete Configuration: IT Person from your organization
- Log in to the Duo Admin Panel as an Administrator.
- Navigate to Applications and select Application Catalog.
- Search for Generic SAML Service Provider, select the Single Sign-On entry, and select + Add.
- Complete the Service Provider configuration.
SAML Configuration
Entity ID: https://{customer_subdomain}.datagrail.io/saml/metadata
Assertion Consumer Service (ACS) URL: https://{customer_subdomain}.datagrail.io/saml/auth
Service Provider Login URL: https://{customer_subdomain}.datagrail.io/saml/login
NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameID attribute: Email Address
Signature algorithm: SHA-256
Sign response: Enabled (default)
Sign assertion: Enabled (default)
If you are unclear on what your subdomain would be, please confirm with your Account Manager or reach out to support@datagrail.io.
- Configure the required attribute mappings.
Required Attributes
In the Map attributes section, add the following mappings:
| IdP Attribute (Duo) | SAML Response Attribute |
|---|---|
Email Address | email |
First Name | first_name |
Last Name | last_name |
- Assign the application to the user group(s) who should have access to DataGrail.
- Select Save. Once saved, copy the Metadata URL from the Metadata section at the top of the application page.
- Return to the DataGrail SSO setup page, select the Metadata URL tab, and paste the URL. Select Configure to validate and complete the setup.
For more information on adding users and managing roles, see Inviting New Users.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.