1.1 In Duo Admin Panel, navigate from Applications > Applications, and search SAML in the Application catalog.

1.2 In Generic SAML Service Provider, select +Add.

1.3 Under Basic Configuration, in the Application Name field, enter CSE TrustProvider.

1.4 Under User access, select Enable for all users.

2.1 In the CSE Command Center, navigate from Settings > Identity and Access > End User.

2.2 Under Provider Name, select Other. In the field directly below, name the Provider Duo.

2.3 Under Provider Protocol, select SAML.

2.4 In Duo, under Metadata > Single Sign-on, copy the URL and paste into the IDP SSO Url field in CSE Idp Config under IDP Settings.

2.4 In Duo, under Downloads > Certificate, select Copy certificate. Paste the certificate in the CSE IdP config under IDP Settings in the IDP CA Certificate field.

2.5 In CSE’s IdP config, under Username, enter Username; under Email, enter Email; and under Groups, enter Groups.

2.6 Select Save.

3.1 Copy the Redirect URL from CSE IdP config. Paste into the Assertion Consumer Service (ACS) URL field in Duo.

3.2 Copy the Entity Issuer from CSE IdP config. Paste into the Entity ID field in Duo.

4.1 In Duo, under Map attributes > IdP Attribute, select Email Address and under SAML Response Attribute, enter Email.

4.2 Select the + to add another attribute mapping. Select Username and under SAML Response Attribute, enter Username.

5.1 In Duo, under Policy > Application policy, select Apply a policy to all users. Then select Create a new Policy. Under Policy name, enter CSE Policy.

5.2 Select Authentication methods, and ensure that all boxes are checked except for Duo Desktop authentication and Duo Mobile passcodes.

5.3 Select Create Policy, and then select Apply Policy.

6.1 Select Save.