How can we help?

  1. eFileCabinet
  2. RUBEX

Menu

Rubex - How to set up SAML 2.0 SSO with Duo Follow

Avatar
Curtis Nash
  • Updated

Rubex has the ability to integrate with DUO SSO

See https://duo.com/docs/sso#saml

 

Step 1

Enable Duo Single Sign-On

Role required: Owner

  1. Log in to the Duo Admin Panel and click Single Sign-On in the navigation bar on the left.
  2. Review the information on the "Single Sign-On" page. If you agree to the terms, check the box and then click Activate and Start Setup.
  3. On the Customize your SSO subdomain page you can specify a subdomain you'd like your users to see when they are logging in with Duo Single Sign-On. For example, you can enter acme and users would see acme.login.duosecurity.com in the URL when logging into Duo Single Sign-On.
    Click Save and continue to use the desired subdomain or click Complete later to skip this step for now.

mceclip0.png

  1. On the Add Authentication Source page select SAML Identity Provider as your authentication source. Click the button at the bottom of the option you'd like to use to add that source type, and follow the instructions in the next section.

mceclip1.png

 

Configure your SAML Identity Provider

  1. On the "Single Sign-On Configuration" page scroll down to 
  1. Configure your SAML Identity Provider. This is the Duo Single Sign-On metadata information you'll need to provide to your SAML identity provider to configure Duo Single Sign-On as a service provider.
    mceclip2.png
  1. Configure your SAML identity provider to:
    • Send a NameIDFormat of urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
    •  
      Send a NameID attribute that matches your users' Duo usernames.
  2. On the "Single Sign-On Configuration" page scroll down to 2. Configure SAML Identity Provider's Attributes. Configure your SAML identity provider to send the following required attribute values. Attribute names must be sent to Duo Single Sign-On corresponding to the "Attribute Name Sent" column below:

SAML IdP Attribute

Attribute Name Sent

Email Address

Email

Full Name

DisplayName

First Name

FirstName

Last Name

LastName


You may configure additional attributes to send in addition to the required attributes

  1. Once you've configured Duo Single Sign-On as a service provider within your SAML identity provider continue to the next section.

Configure Duo Single Sign-On Authentication Source

  1. On the Duo Admin Panel "Single Sign-On Configuration" page scroll down to 3. Configure Duo Single Sign-on.
  2. Fill out the fields listed below using information from your SAML identity provider:

Name

Description

Display Name

A name so that you can easily identify the provider.

Entity ID

The global, unique name for your SAML identity provider. This is provided by your SAML identity provider and is sometimes referred to as "Issuer".

Single Sign-On URL

The authentication URL for your identity provider. This is sometimes referred to as "SSO URL" or "Login URL".

Single Logout URL

This field is optional and currently unused by Duo Single Sign-On. This field my be used in the future. The logout URL for your identity provider. This is sometimes referred to as "SLO URL" or "Logout Endpoint".

Logout Redirect URL

This field is optional. When this field is populated, after logging a user out of Duo Single Sign-On they will be redirected to the URL in this field.

Certificate

Download the signing certificate for your identity provider, and then click the Browse button to select the downloaded certificate.

Username normalization

Controls whether or not usernames entered for primary authentication should be altered before trying to match them to a Duo user account. When set to None, the usernames narroway, EXAMPLE\narroway, and narroway@example.com would be three separate users in Duo. When set to Simple, any domain information is stripped from the username sent to Duo, so narroway, EXAMPLE\narroway, and narroway@example.com would all resolve to a single "narroway" Duo user.

Default: Simple.

Once all the required information is filled out click Save.

mceclip3.png

Enable Rubex Single Sign-On

Create SAML

In Rubex go to the Admin menu, select Settings and then Single Sign-On Settings. Please click to Create SAML Configuration.
mceclip4.png

Identify

Give it a name to help identify the connection being used.

Issuer: in this field paste the Azure AD Identifier url. It should look something like https://sts.windows.net/########-####-####-###-############

Entity ID: use https://account.efilecabinet.net/ or you can use what your custom branding url that was configured in Rubex.

In the Signature Section select Choose File and reference the certificate that you downloaded from Azure AD.

Click the Create button.
mceclip5.png

 

You’ll need to go back into the SSO/SAML configuration and at the bottom of the window will be a section titled Endpoints. In that section is a Login URL which will be something like https://account.efilecabinet.net/api/saml/##. Copy the URL in the Rubex SAML settings.


mceclip6.png


Enter the SAML information into DUO and Rubex 

 

Now that the settings in Rubex have been finished, it’s time to finalize your setup

 Identifier (Entity ID): use the same url that you choose to use for the Entity ID in the Rubex configuration side. If this doesn’t match the value you used in Rubex the connection will fail.

Reply URL: this is where you put the URL that is generated at the bottom of the Rubex SSO configuration window, it’s be something along the lines of https://account.efilecabinet.net/api/saml/##

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more
Powered by Zendesk