Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4466
Views
22
Helpful
21
Replies

OpenID Connect (OIDC) Support

Go to solution
ITEM93
Level 1
Level 1

‎07-08-2021 06:49 AM

On our road to deploying SSO within our company we have come across a couple of applications that use OpenID Connect for their SSO deployment instead of SAML, and when looking to set up SSO with them they have referred us to this list of companies that are certified with OIDC: OpenID Certification | OpenID

I was very surprised to see Duo missing on this list and would love to see some OIDC support.
I’ve done some digging in the Duo documentation and it sounds like the new “Universal Prompt” is going to be based on OIDC, but I can’t find anything relating development on being able to protect OIDC applications like AutoTask/DarkWebID and others.

Is this sort of integration in development?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
colin_medfisch
Cisco Employee
Cisco Employee

‎11-30-2022 10:50 AM

Public Preview will be rolling out over the next week!

View solution in original post

21 Replies 21

Go to solution
Amy2
Level 5
Level 5

‎07-08-2021 07:28 AM

Hi @ITEM93, thanks for asking this great question here in the community! There are currently feature requests under consideration for the future for both generic OIDC SSO applications and AutoTask specifically. I encourage you to request to be added to those by your account representative or a Duo Support agent, as we discussed on another thread.
Just briefly, I spent some time looking through the Dark Web ID website and knowledge base to see if I could find any instructions that could help you in the meantime, but without the ability to use generic SAML or RADIUS, I’m not really sure how this could be accomplished.

Go to solution
colin_medfisch
Cisco Employee
Cisco Employee

‎07-08-2021 09:17 AM

Hey @ITEM93,

I’m the Product Manager for SSO at Duo and am happy to discuss where we are at with regards to OIDC.

Since the generally available release of Duo SSO last year, the team has been heads down working on our official Microsoft 365 integration that expands Duo SSO’s scope from exclusively SAML to also supporting WS-FED, WS-Trust, and WS-MEX (for M365 only).

Now that Microsoft 365 is out the door, we are starting work on support for OIDC service providers with Duo SSO.

With that, I am compiling a list of applications that our customers are looking to connect via OIDC so that our team can better validate the new service, but also hopefully create better named integrations in the future.

You mention AutoTask and DarkWebID. Are there any other application in particular that you would be trying to integrate?

Go to solution
ITEM93
Level 1
Level 1
In response to colin_medfisch

‎07-08-2021 11:03 AM

Hi @cmedfischduo

Thanks so much for the update, we are actually planning to roll out the M365 integration this weekend and are looking forward to that! Really appreciate all your hard work getting that named integration setup.

AutoTask is certainly the Number 1 highest priority for us right now.
The IDAgent suite would follow (DarkWebID & Bullphish) this would make Duo a much more compelling product matching the integrations offered by Okta, Authy, Passly.

I hope that with the development of the Universal Prompt, that it would make getting other OIDC integrations setup much easier.

There are a couple of other integrations that I’d love to see, but I don’t think
Webroot Secure Anywhere - both for MFA/SSO and for Device Health AV Agent Verification (Duo Device Health Application | Duo Security)
pfSense - both for device login as well as for direct OVPN integration. (I did find a workaround for the VPN part with a RADIUS integration, but would love a direct integration package with the built-in user manager (https://community.duo.com/t/duo-integration-on-pfsense-openvpn-configuration)

Hopefully other community users searching for OIDC compatibility can find this thread and add their requests to the list.

Thanks you once again for this update!

0 Helpful

Go to solution
ITEM93
Level 1
Level 1
In response to colin_medfisch

‎07-22-2021 06:41 AM

Hi @cmedfischduo

It looks like Datto have also adopted the OIDC standard for their SSO integration, this would be another key vendor that we would like to integrate with.

https://help.datto.com/s/article/KB370000000060

0 Helpful

Go to solution
ITEM93
Level 1
Level 1
In response to colin_medfisch

‎08-27-2021 07:32 AM

Hi @cmedfischduo,

With the new updates and improvements with the Universal Prompt, are there any updates on the SSO - OIDC integration? We are really looking forward to expanding our SSO with Duo.

0 Helpful

Go to solution
Xander_Desai
Level 1
Level 1
In response to ITEM93

‎10-13-2021 12:57 PM

Hey!
Just wanted to circle back and let you know that we don’t have any public facing updates we can share just yet. We are still busy working away on OIDC support for Duo SSO.
If you would have any interest in helping us do early testing @cmedfischduo is still looking to gather up some interested customers. If you could reach out to your account manager (if you have one) or to Duo support (Duo Customer Support | Duo Security) and let them know that we sent you they can help you get connected to us and enrolled in a private preview program.
Thanks!

Go to solution
ITEM93
Level 1
Level 1
In response to Xander_Desai

‎10-13-2021 01:01 PM

Hi @Xander_Desai

Thank you so much for the update.
I’m looking forward to working with the team to get these integrations setup and working.

Go to solution
newapitesting
Level 1
Level 1

‎02-17-2022 11:31 PM

Hello,

Following up on this post. Does DUO now support OIDC SSO?I don’t see anywhere in your documentation. I’m working with a customer who is looking to integrate with our application for support of OIDC SSO.

For the customer to integrate with our application, they would need to provide us:

  • Client Id
  • Client Secret
  • OpenID Configuration URL
  • Issuer URL

It looks like (at least in the trial account) you only offer SAML and Active Directory.

Any information would be appreciated.

Thank you!

Go to solution
colin_medfisch
Cisco Employee
Cisco Employee
In response to newapitesting

‎02-18-2022 06:24 AM

Hi @newapitesting,

We are in active development of our OIDC support for Duo SSO!

What this will add is being able to add OIDC applications to Duo for authentication, but it will still require Active Directory or SAML to be configured as the authentication source for SSO itself.

We are hoping to have this in a private preview in the coming months.

– Colin

Go to solution
mbrownnyc
Level 1
Level 1

‎06-04-2022 08:08 PM

Hey Colin (@cmedfischduo),

I’d very much like to use Duo with Hashicorp Boundary, which supports OIDC (as detailed here).

I’m in the midst of a developing a PoC and would like to understand if it’s possible to perform the integration, as my attempts seem to be failing.

Thanks,

Matt

Go to solution
colin_medfisch
Cisco Employee
Cisco Employee
In response to mbrownnyc

‎06-06-2022 07:37 AM

Hey @mattt,

Based on the documentation, it looks like Hashicorp’s implementation is pretty barebones, so it should be workable with our first release of OIDC support.

This should be in private preview shortly, so can you please DM me your account ID and I will add you to the preview list?

Go to solution
Ruben_Cardenal
Level 1
Level 1
In response to colin_medfisch

‎09-05-2022 03:27 AM

Hello @cmedfischduo

Any realistic ETA on this? We’re really interested in using it with AWS ALBs. The Cognito implementation works, but it has some issues.

Thanks.

0 Helpful

Go to solution
colin_medfisch
Cisco Employee
Cisco Employee
In response to Ruben_Cardenal

‎09-06-2022 08:34 AM

Hey @Ruben_Cardenal,

Just sent you a DM! We are getting very close to our Public Preview of this feature!

Go to solution
andrewyager1
Level 1
Level 1

‎08-01-2022 03:08 AM

Hi; I’m hoping to integrate OIDC into OwnCloud with Duo as the identity provider. I believe that this may not be currently well available yet - have you got any updates on when this might be ready? I’m pretty sure that we can do the user management/provisioning from LDAP/AD directly; and just use Duo for the auto workflow; but we need a .well-known endpoint to respond.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents