cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8828
Views
5
Helpful
13
Replies

Connectwise SSO Integration

mattk1
Level 1
Level 1

Does anyone know if it is possible to set up Duo as an external identity provider? I don’t see any documentation on either end and we would really like to set this up.

Here is a link to the general setup instructions:
https://docs.connectwise.com/ConnectWise_Documentation/ConnectWise_Unified_Product/010/25

Thanks!

13 Replies 13

Amy2
Level 5
Level 5

Hi there,

Edit: Oops, I misunderstood your question initially. I am rather new to my role and still learning. Yes, my expert colleague Kristina explains in this post that Duo Access Gateway is a SAML 2.0 capable identity provider (or IdP).

You can set up Duo to protect Connectwise Manage via SSO using the generic SAML service provider:

  1. Deploy Duo Access Gateway
  2. Point it to Active Directory as the primary authentication source
  3. Set up SSO for ConnectWise Manage. When you do this you’ll be bouncing between the Duo Admin Panel (where you create the generic SAML application using whatever parameters/attributes ConnectWise recommends), your Duo Access Gateway server’s admin interface (where you add the application you created in the Duo Admin Panel), and the ConnectWise management console (where you tell it to use Duo for SSO).

This might be a good reference for you: https://docs.connectwise.com/ConnectWise_Documentation/090/020/070/140/SAML_and_SSO_Frequently_Asked_Questions

Thanks to @DuoKristina for this answer!

MikeJoll
Level 1
Level 1

Hi, we are in the same boat. Needing information on how to setup DAG with SAML / CW Manage & such as per the original question above. I can’t find any documentation that outlines the connection between the two products (ConnectWise doesn’t technically support DUO SAML but says it will work) and the setup on both sides uses different terminology for the required fields / values. We have DAG setup pointing to our AD, MattK did you get it working?

Brad_Cook
Level 1
Level 1

Checking in if anyone managed to get through this, we are assuming the Duo - NameID Format, NameID Attribute & Mapped Attributes being sent back to the ACS endpoint for ConnectWise Manage has something missing…

Hello @Brad_Cook, thanks for replying. I suggest contacting Duo Support, they’ll be able to look directly at your configuration and provide specific feedback in a way that this community isn’t set up to do. Let us know what you find out!

Another angle of approach would be consider migrating from Duo Access Gateway to Duo Single Sign-on, and then using Duo SSO with SAML to log into ConnectWise:

This will become necessary as we approach DAG end-of-life in October '23:
https://help.duo.com/s/article/7486?language=en_US

To bad there isn’t an On-premise solution to the DAG’s since they are eol soon.

I hear you @Gigawatt, it will take some adjustment to shift to a cloud-hosted identity provider. Duo Single Sign-On will reduce administrative burden while supporting more feature development options for our Engineering teams. I’ll be curious to hear how it goes for you after you’ve migrated.

Unfortunately we aren’t going that route. Since we are all strictly on-premise, we are going to replace the DAG’s with AD FS.

Ah I see, that makes sense. For good measure, I should make sure you know about our recently released compatibility with Duo Universal Prompt in the Duo AD FS integration.

We already run the Duo adapter but we don’t have the " Duo Universal Prompt" enabled, should we?

2X_b_ba92e90e8054e42adcad5f7ad0079a543a8362f8.png

Once you update to version 2.0.0 released in May, your Universal Prompt Progress Report will display App Update Ready under existing Duo Authentication for Microsoft AD FS apps. New AD FS apps will default to Universal Prompt.

Sorry about that we are on version 2.0.0. I just had an older screenshot

2X_1_1d24633a06af2926e8df32fca41017c03fa7a286.png

ITEM93
Level 1
Level 1

Just hoping to follow up on this.

The ConnectWise SAML_and_SSO_Frequently_Asked_Questions page states:
“SSO using SAML is only supported with a one-to-one connection with ADFS (Active Directory Federated Service). While it may be possible to integrate using products such as Azure AD, Okta, or DUO, we do not support them at this time.”

Was anyone able to get Managed working with Duo SSO?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links