Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1007
Views
0
Helpful
2
Replies

Error with Google Workspace SSO Profile for Duo

AD_Tech
Level 1
Level 1

‎09-27-2022 08:25 AM

I’m trying to setup Duo as the SSO source for Google Workspace (using the Duo Google Workspace - Single Sign-On application) but it’s throwing an error when it first tries to redirect the user to Duo. I’m setting it up as a profile since it is only being applied to certain OUs in Google. We have a different SSO provider as our primary, but the Duo documentation is all for setting it up as the primary. This is the error I’m getting:

Oops!

We had trouble logging you in.

To access this application, contact your Help Desk. Let them know what app you were trying to access and the error below.

Error:Issuer in message received (https://accounts.google.com/samlrp/metadata?rpid=REDACTED) does not match the configured Entity ID expected (google.com/a/REDACTED.org)

Any assistance would be greatly appreciated!

0 Helpful
2 Replies 2

ldubravec
Level 1
Level 1

‎09-28-2022 12:45 PM

Hi there @AD_Tech,

This error likely indicates that the Entity ID or Issuer that the service provider uses to identify itself does not match the Entity ID configured in the Duo Admin Panel for the ACS URL the service provider is configured to send its Response to. Here are some troubleshooting steps that might help:

  • Make sure the ACS URL is configured correctly on the service provider side

  • If it is, make sure that the Entity ID configured in the Duo Admin Panel is correct

  • If this is a named integration and the Entity ID is not provided directly to Duo SSO, make sure that any fields used to generate the Entity ID are correct

Note: The Entity ID being sent by the service provider is the first one listed in the error message, while the Entity ID configured in Duo SSO is the second one listed in the error message

Hope this helps!

Kindly,

Lauren

0 Helpful

techguy150
Level 1
Level 1

‎10-04-2022 06:34 AM 

Log in to the Duo Admin Panel.
Click Administrators in the left sidebar, and then click Admin Login Settings.
Scroll to the Single Sign-On with SAML Configuration section of the "Administrator Login Settings" page.
Enable SSO by changing the "Authentication with SAML" setting.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents