Skip to main content
PSA SSO with Duo
A
Written by Aiden Morris
Updated over 2 years ago

SSO integration with Duo

This guide will help you to perform Pulseway PSA SSO integration with Duo.

Creating PSA Application in Duo

  1. Log into Duo and click on Applications on the left panel. Then click on Protech an Application button on the top right.

    Duo_BMS_Int1.PNG
  2. In the Search field, enter Generic Service Provider.

  3. From the search results, click Protect to select 2FA SSO Hosted by Duo.

    Duo_BMS_Int2.PNG


  4. Enter the following default settings in the respective fields for PSA.

  5. Entity ID: Enter <https://psa.pulseway.com>.

  6. Assertion Consumer Service (ACS) URL: Enter <https://psa.pulseway.com/SAML/Connect.aspx>


  7. After the DUO SAML application is created, copy the highlighted URL (Single Sign-on) from Duo and paste it into the PSA by navigating to Admin > My Company > Auth & Provision > SAML Login Endpoint URL.


    duo_BMS_int14.png


Duo SAML Settings, Attributes, and Security Certificate

  1. Go back to Duo now. In the SAML Response section, enter the following:

    • Name ID format: Select urn:oasis:names:tc:SAML 2.0:nameid-format:persistent from the dropdown.

    • Name ID attribute: Select <Email Address>. This should appear within a box.

    • Signature algorithm: Select SHA256 from the dropdown.

    • Signing options: Select both the checkboxes - Sign response and Sign assertion.

      Duo_BMS_Int4.PNG
  2. Download the certificate.

    duo_BMS_int13.png


  3. Important: Right-click and rename the file with .cer file extension if it shows some other file extension. If you are unable to do this, double-click the file and open it. Windows will flash a warning message with two options - Open and Cancel.

  4. Click Open. The certificate opens with three tabs - General, Details and Certification Path.

  5. Go to Details > Click Copy to File open. An export wizard appears.

  6. Click Next.

  7. By default, DER encoded binary X.509 (.CER) is selected under Select the format you want to use. Select Base-64 encoded X.509 (.CER).

  8. Click Next > Browse > Select a location and provide a new filename.

  9. Click Save > Next.

  10. Click Finish. You will see a message which says, "The export was successful." If you right-click the newly named certificate file and go to its Properties, you will see Security Certificate (.Cer) next to the label Type of file. Upload this new security certificate in PSA.

  11. Go to PSA > Admin > My Company > Auth & Provision > Upload Certificate and hit Save.

  12. Add the following attributes:

    • Map attributes section

      Duo_BMS_Int5.PNG
    • Create attributes section

      Note: You should create a custom attribute in Duo as it is not provided by default in the application.

      • Name: Enter CompanyName.

      • Value: Enter PSA Company Name. You can find the company name by navigating to Login > Your profile name > My Settings. You will find the company name just below your profile picture.

  13. In the Settings section, do the following:

    • Name: Enter Pulseway PSA.

    • Voice greeting: Enter Welcome to Duo.

  14. Click Save.


Sign Sign-on

  1. Once the application is created, it should be added to the Duo Home screen. Go to Duo > Single Sign-on > Duo Central > Add tile.

    Duo_BMS_Int7.PNG
  2. Next, click Add application tile. You will see a list of applications.

    Duo_BMS_Int8.PNG
  3. Click/select Pulseway PSA. It is now added to the Duo Home screen.


Duo Authentication

Click Pulseway PSA application. It will push the Duo authentication.

Duo_BMS_Int11.PNG

Did this answer your question?