Duo
Duo provides more security layers to your Single Sign-On (SSO) authentication with Identity Providers (IdP). This document does not include the configuration of Duo with different IdPs. For information on how to configure Duo, see the Duo official documentation.
The instructions below assume that you have already configured Duo with your Identity Provider (IdP). To log in to the Infinity Portal with SSO integrated with Duo, you have to change the configuration.
To integrate your Identity Provider with Duo, follow these steps:
1. a. Configure Single Sign-On.
      i.   For general instructions, see https://duo.com/docs/sso.
      ii.  If you configure a SAML Identity Provider, in the Configure the SAML Identity Provider section, copy the Assertion Consumer Service URL to use it in Step 2.
   b. Configure an application for a Generic SAML Service Provider. See https://duo.com/docs/sso-generic.
      i.   In the Downloads section, find SAML Metadata and click the Download XML button. Keep the file to use in Step 3-d.
      ii.  In the Service Provider section, for Entity ID, enter the Infinity Portal entity ID from the Infinity Portal Allow Connectivity page in Step 3-c.
      iii. For Assertion Consumer Service (ACS) URLs, enter the Reply and Sign-on URLs from the same page in the Infinity Portal.
      iv.  In the SAML Response section, below the Map attribute, set the attributes for users (preconfigured) and groups (custom) as shown on the Infinity Portal Allow Connectivity page (if applicable). For an example of the custom claims configuration in Azure AD, see https://help.duo.com/s/article/7167?language=en_US.
2. In the application you created, edit the SAML settings. Enter the Assertion Consumer Service URL that you copied from Duo in Step 1-a-ii for all SAML settings.
3. In the Infinity Portal navigate to > Identity & Access > click the plus icon.
   a. Enter a name for the Integration Title and select Duo.
   b. Verify your domain.
   c. In the Allow Connectivity step, copy the entity ID and URLs and enter them in Duo when you configure a Generic SAML Service Provider in Steps 1-b-ii and 1-b-iii.
   d. In the Configure Metadata step, upload the Duo metadata XML file from Step 1-b-i.
   e. Make sure the Identity Provider configurations are correct.