We’re pleased to announce the general availability of Single Sign-On (SSO) support for the Admin Panel. Customers can now utilize SAML Identity Providers (IdP) like Azure AD, ADFS, Duo Access Gateway, etc. to federate access to the Duo Admin Panel.

In order to support this feature, we are also making an update to admin.duo.com - a persistent Single Sign On button similar to what you’ve seen on other cloud applications.

We also would like to take a moment to thank our beta customers for their feedback and input throughout the process.

Documentation around the new feature can be found here.

What SAML IdPs are supported?
ADFS, Azure AD, Duo Access Gateway, Google, Okta, OneLogin, PingOne, PingFederate, and Shibboleth.
In addition, we support the utilization of Custom SAML IdPs.

Why are administrators with single sign-on required to complete MFA?
We require multifactor authentication for all logins to the administrative panel because we consider it to be a critical application.

If Duo is already integrated with your Identity Provider (IdP), such as ADFS or Okta, this can result in a scenario where administrators will complete MFA once with the IdP and then a second time directly with the administrative panel.

While we understand this may be an inconvenience, we will continue to require MFA for all administrative panel access.