Applicable to the following Sastrify plans:


* Legacy includes all plans signed before February 29, 2024.

In this configuration guide, you will learn how to configure Cisco Duo single sign-on (SSO) login and authentication for accessing Sastrify.


To set up Cisco Duo SSO as your login method for Sastrify, follow this 3-step process:

  1. Select "Login with Cisco Duo" as your login method in your Sastrify platform
  2. Create a Generic SAML Service Provider application for Sastrify in your Disco Duo account and generate your credentials: Single Sign-On URL and idP Certificate.
  3. Send the credentials to Sastrify

Each step is detailed in the following sections.

Step 1: Select the login method in Sastrify

From your Sastrify app,

  1. Click on Settings in the left menu.
  2. Select "Users & Authentication".
  3. Under Authentication Settings, click Edit
  4. Select "Login with Cisco Duo".
  5. Click "Enable SSO"

After completing Step 5, you will receive a confirmation notifying you that your SSO enablement request has been sent to the Sastrify App Support team. This will trigger an email prompt for you to later send the required information (Step 3) to complete the configuration process.

Now that step 1 is complete, let's move on to step 2 to start generating the required credentials from your Cisco Duo account.

Step 2: Create a Generic SAML Service Provider application and generate credentials

First, you will need to create an app for Sastrify within your Cisco Duo account. To do this,

  1. Sign in to your Duo Admin Portal using your admin account.
  2. Navigate to Applications.
  3. Click Protect an Application and locate the entry for Generic SAML Service Provider with a protection type of "2FA with SSO hosted by Duo (Single Sign-On)" in the applications list.

  4. Click the "Protect" to start configuring Generic SAML Service Provider.
  5. Choose Generic SAML Service Provider from the list of applications.
  6. Under the Service Provider sectionset the following values:
    • Entity ID: urn:auth0:sastrix:<company_name>-CISCODUO-SSO-PROD
    • ACS URL:<company_name>-CISCODUO-SSO-PROD
    • Single Logout URL:
  7. Make sure to replace <company_name> for all the above with your own company name, without space and in all caps, for example: urn:auth0:sastrix:COMPANYABC-CISCODUO-SSO-PROD
  8. Under the SAML Response section, set following values:

    • NameID Format : nameid::format::emailAddress
    • NameID Attribute: <Email Address>
    • Signature Algorithm: SHA256
  9. Configure and map the following attributes.

Cisco Duo will automatically generate Single Sign-On URL and idP Certificate

Copy the URL, download the certificate (see below), and proceed to step 3 to send these credentials to our App Support team to complete the configuration process.

Step 3: Send the credentials to Sastrify

The final part is the easiest. Simply send all the credentials to Sastrify by replying to the email generated from Step 1.

Once we receive your credentials, our Support Team will begin enabling the SSO login method within an SLA of 2 business days. You will be notified via email once the configuration is fully enabled.