Duo Authentication
  • 07 Dec 2021
  • Dark
    Light

Duo Authentication

  • Dark
    Light

Article summary

Overview

By default, Expedient configures clients with 2-factor authentication (2FA) to Expedient Enterprise Workspace (EEW) with OneLogin as an identity provider.  If it is preferred, a client has the ability to substitute OneLogin for a different SAML identity provider and 2FA solution that their users may already be utilizing for access to other applications.  Examples of alternative identity provider and 2FA solutions include the Azure AD, Duo, and Okta.  If a client chooses to use a non-Expedient managed identity provider it is the responsibility of the client to manage that solution.  While Expedient may not manage these alternative solutions, Expedient is providing this documentation to assist clients with getting started with integrating their 2FA solution with Expedient Enterprise Workspace.  This document outlines the process for securing Expedient Enterprise Workspace with Duo Single Sign-On.

Prerequisites

The steps described in this document assume that the client has already configured Duo Single Sign-On with Active Directory as its Authentication source.  

This document assumes that you have already configured an MFA policy for your users within Duo that requires them to use the Duo.

Please refer to the Duo website for the subscription levels that support securing applications via SAML.  

Process

The process for integrating Duo with the Workspace One Access component of EEW follows the same process outlined for integrating Azure AD. You will first configure an application within Duo and input some information related to Workspace One configuration and configure Duo to send SAML requests with the attributes that Workspace One Access needs in order to properly map identities between the two systems. You will then configure the identity source within Workspace One Access.  

Please refer to the Expedient article on how to configure Azure AD authentication for the steps involved in the process as well as the Duo article for how to configure a SAML application. https://duo.com/docs/sso-generic 


Was this article helpful?