In this configuration guide, you will learn how to configure Cisco Duo single sign-on (SSO) login and authentication for accessing Sastrify.



IN THIS ARTICLE


To set up Cisco Duo SSO as your login method for Sastrify, follow this 3-step process:

  1. Select "Login with Cisco Duo" as your login method in your Sastrify platform
  2. Create a generic SAML service provider application for Sastrify in your Disco Duo account and generate your credentials: Single Sign-On URL and idP Certificate.
  3. Send the credentials to Sastrify

Each step is detailed in the following sections.


Step 1: Select the login method in Sastrify



  1. Go to Settings > User & Company Data and find Authentication Settings on the right.
  2. Click "Edit".
  3. Select "Login with JumpCloud".
  4. Click "Enable SSO".


After clicking "Enable SSO", you'll receive a confirmation that your SSO enablement request has been sent to the Sastrify App Support team. This will trigger an email prompting you to submit the required information (Step 3) to complete the configuration.


Now that Step 1 is done, let’s move to Step 2 to generate the required credentials from your Cisco Duo account.


Step 2: Create a Generic SAML Service Provider application and generate credentials


First, you will need to create an app for Sastrify within your Cisco Duo account. To do this,

  1. Sign in to your Duo Admin Portal using your admin account.
  2. Navigate to Applications.
  3. Click Protect an Application and locate the entry for Generic SAML Service Provider with a protection type of "2FA with SSO hosted by Duo (Single Sign-On)" in the applications list.


  4. Click "Protect" to start configuring Generic SAML Service Provider.
  5. Choose Generic SAML Service Provider from the list of applications.
  6. Under the Service Provider sectionset the following values:
    • Entity ID: urn:auth0:sastrix:<company_name>-CISCODUO-SSO-PROD
    • ACS URL: https://login.sastrify.com/login/callback?connection=<company_name>-CISCODUO-SSO-PROD
    • Single Logout URL: https://login.sastrify.com/logout
  7. Make sure to replace <company_name> for all the above with your own company name, without space and in all caps, for example: urn:auth0:sastrix:COMPANYABC-CISCODUO-SSO-PROD
  8. Under the SAML Response section, set the following values:


    • NameID Format : nameid::format::emailAddress
    • NameID Attribute: <Email Address>
    • Signature Algorithm: SHA256
  9. Configure and map the following attributes.



Cisco Duo will automatically generate a single sign-on URL and idP Certificate

Copy the URL, download the certificate (see below), and proceed to step 3 to send these credentials to our App Support team to complete the configuration process.



Step 3: Send the credentials to Sastrify


The final step is simple—just reply to the email from Step 1 with all the credentials.


Once received, our support team will enable the SSO login method within 2 business days. You’ll be notified via email once the configuration is complete.