Configure Duo to manage your directory of users in Cloud Secure Edge

Use Duo Single Sign-On (SSO) as your SAML IdP for CSE

  • Updated on Sep 30, 2025

Overview

Use this guide to configure Duo SSO as the SAML 2.0 Identity Provider for CSE. Following the steps, users will create a Generic SAML app in Duo, configure Duo as an IdP in CSE, and then validate the flow.

Steps

1.1 In Duo Admin Panel, navigate from Applications > Applications, and search SAML in the Application catalog.

Diagram

1.2 In Generic SAML Service Provider, select +Add.

1.3 Under Basic Configuration, in the Application Name field, enter CSE TrustProvider.

Diagram

1.4 Under User access, select Enable for all users.

2.1 In the CSE Command Center, navigate from Settings > Identity and Access > End User.

2.2 Under Provider Name, select Other. In the field directly below, name the Provider Duo.

2.3 Under Provider Protocol, select SAML.

Diagram

2.4 In Duo, under Metadata > Single Sign-on, copy the URL and paste into the IDP SSO Url field in CSE Idp Config under IDP Settings.

Diagram

Diagram

2.4 In Duo, under Downloads > Certificate, select Copy certificate. Paste the certificate in the CSE IdP config under IDP Settings in the IDP CA Certificate field.

Diagram

Diagram

2.5 In CSE’s IdP config, under Username, enter Username; under Email, enter Email; and under Groups, enter Groups.

Diagram

2.6 Select Save.

3.1 Copy the Redirect URL from CSE IdP config. Paste into the Assertion Consumer Service (ACS) URL field in Duo.

Diagram

Diagram

3.2 Copy the Entity Issuer from CSE IdP config. Paste into the Entity ID field in Duo.

Diagram

Diagram

4.1 In Duo, under Map attributes > IdP Attribute, select Email Address and under SAML Response Attribute, enter Email.

4.2 Select the + to add another attribute mapping. Select Username and under SAML Response Attribute, enter Username.

5.1 In Duo, under Policy > Application policy, select Apply a policy to all users. Then select Create a new Policy. Under Policy name, enter CSE Policy.

Diagram

5.2 Select Authentication methods, and ensure that all boxes are checked except for Duo Desktop authentication and Duo Mobile passcodes.

Diagram

5.3 Select Create Policy, and then select Apply Policy.

Diagram

Diagram

6.1 Select Save.

Diagram