Cisco Duo SSO

An overview of the process to configure SSO connections between ChaosSearch and Cisco Duo

Cisco Duo (“Duo”) Single Sign-On is Cisco cloud-hosted SSO product which layers Duo's strong authentication and flexible policy engine on top of an application's login using the Security Assertion Markup Language (SAML) 2.0 or OpenID Connect (OIDC) authentication standards. Duo Single Sign-On acts as an identity provider (IdP), authenticating your users using existing on-premises Active Directory (AD) or any SAML 2.0 IdP and prompting for two-factor authentication before permitting access to your service provider application.

To configure Duo SSO connections to ChaosSearch, follow the steps in the Duo Single Sign-On for Generic SAML Service Providers topic available on the Duo website.

To pass group entitlements for ChaosSearch access, make sure that you have the names of the groups that are defined in ChaosSearch to which you want to assign the user. Then, in the Role attributes section of the SAML Response configuration, specify the group(s) in the Attributes :