Custom SSO Configuration is only available for dedicated Ascend Environments. Ascend Cloud only supports public SSO options.
Ascend can integrate with Duo for SSO authentication purposes. In order to configure Duo SSO, please go through the following steps:
- Ensure that Duo is enabled for SSO.
- In the Duo Admin panel, navigate to Applications
- Click Protect an Application and locate the entry for Generic Service Provider. You may use "2FA with SSO hosted by Duo (Single Sign-On)" or "2FA with SSO self-hosted (Duo Access Gateway)"
- Fill in the Entity ID. The Entity ID is the global, unique name for Duo Single Sign-On. The most commonly used pattern: use the hostname for the service as the Entity ID.
- Fill in the Assertion Consumer Service. This value will require your custom Ascend subdomain filled in as follows:
- In the SAML response section, ensure the NameID Format is set to SAML 2.0
- Set the Map Attributes to include the user's email and username.
- Ensure these settings are saved. You will then need to encrypt the Metadata URL through Keybase here, and then send the encrypted payload to your Ascend support engineer.
After this is set up, your users will be able to authenticate into Ascend through Duo SSO.
Updated 3 months ago