This article explains how to integrate Duo SAML Single Sign-On (SSO) with Timus so users can authenticate to Timus using Duo.
Prerequisites
Before you begin, make sure you have:
- Administrator access to your Duo Admin Panel
- Administrator access to your Timus Manager
- Users already created in Duo
Step 1: Sign in to Duo Admin Panel
Go to:
https://admin.duosecurity.com/login
Sign in with your administrator account.
Step 2: Add a New Application
After logging in:
- Navigate to Applications
- Click Add Application
- Search for:
Generic SAML Service Provider- Select:
Generic SAML Service Provider - Single Sign-On- Click Add
Step 3: Configure Basic Application Settings
Use the following values:
Application Name
Timus DUO SAML IntegrationApplication Type
Generic SAML Service Provider - Single Sign-OnUser Access
Choose one of the following:
- Enable for all users
- Enable only for permitted groups (recommended)
If using group-based access, assign your desired Duo group such as:
Timus_UsersStep 4: Configure Service Provider Settings
Scroll down to the Service Provider section.
Use the following values:
Entity ID
Copy the Entity ID shown under Duo Metadata and paste it into the Service Provider Entity ID field.
Example (as shown in the image below)
Assertion Consumer Service (ACS) URL
https://auth.timuscloud.com/user/external/samlSingle Logout URL
Leave blank.
Service Provider Login URL
Leave blank.
Default Relay State
Leave blank.
Step 5: Configure SAML Response Settings
Use the following settings:
NameID Format
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressNameID Attribute
<Email Address>Signature Algorithm
SHA256Signing Options
Enable:
- Sign Response
- Sign Assertion
Assertion Encryption
Disabled
Step 6: Configure Attribute Mapping
Under Map Attributes, add the following values:
| IdP Attribute | SAML Response Attribute |
|---|---|
| <First Name> | firstname |
| <Last Name> | lastname |
Step 7: Save the Configuration
Click Save at the bottom of the page.
Step 8: Copy Duo Metadata for Timus
After saving the Duo application, locate the Metadata section in Duo Admin Panel.
You will need to copy the following values for the Timus configuration:
Identifier
Use the value labeled:
Entity IDSAML 2.0 Service URL
Use the value labeled:
Single Sign-On URLX.509 Certificate
Download the certificate or use the Copy Certificate option in Duo.
You will paste these values into the Timus SAML integration settings in the next step.
Step 9: Configure Timus SAML Settings
Log in to Timus Manager and navigate to:
Settings → Integration → SAML 2.0 → Manage → Create NewConfigure the new SAML provider using the values copied from Duo.
Title
DUO SAMLIdentifier
Paste the Entity ID copied from Duo Metadata.
SAML 2.0 Service URL
Paste the Single Sign-On URL copied from Duo Metadata.
X.509 Certificate
Copy the certificate from Duo and paste it into the X.509 Certificate field in Timus.
Allowed Sites
Select:
Remote Access → AllExample Timus Configuration
Use the example below as a reference:
- Title: DUO SAML
- Identifier: Duo Entity ID
- SAML 2.0 Service URL: Duo Single Sign-On URL
- X.509 Certificate: Duo Certificate
- Allowed Sites: Remote Access → All
Your Duo SAML integration with Timus is now successfully configured.
Users can now authenticate securely through Duo Single Sign-On and access Timus based on their assigned roles and permissions.
Important First Login Note
For the initial setup, users must sign in using the Single Sign-On URL provided in the Duo Metadata. This first authentication is required to correctly provision and register user data within Timus Manager.
After this initial login has been completed successfully, users will be able to access Timus directly through:
- https://my.timusnetworks.com
- Timus Connect application
Summary
- First login must be performed via Duo Single Sign-On URL
- User data is created and synchronized in Timus during first authentication
- Subsequent logins can be done directly via Timus access points(Timus Connect application and/or my.timusnetworks.com) without repeating the SSO URL step
Updated
Comments
0 comments
Please sign in to leave a comment.