Solved: SSO with active direcotry

fm321 · ‎12-30-2021

Hi everyone,
im using active directory as authentication source to protect our horizon application using generic service provider, the issue we are facing is our username and email address are diffrent. for example our username in duo is test and our email in AD is test.jhon@example.com , so when we change the duo username same to our AD email authentication is working fine, but if username in duo is different from email in AD , SAML is not allowing us to login, i’m using mail attribute in single sign on active directory configuration on duo portal, any help or suggestion

fm321 · ‎01-03-2022

Hi Kristina
Thanks for your response, I’ve added duo alias but it is not working. now i’m using sAMAccountName as Duo username attribute in single sign on configuration and change the application protection Nameid format to unspecified and Nameid attribute to username and it is working fine now.

View solution in original post

DuoKristina · ‎01-01-2022

You can set the email address as a username alias in Duo (so for the Duo user “test” add a username alias of “test.jhon@example.com”.

You can import username alias values from AD into Duo with directory sync. In the sync configuration set the source attribute for username alias 1 to mail.

Duo, not DUO.

fm321 · ‎01-03-2022

Hi Kristina
Thanks for your response, I’ve added duo alias but it is not working. now i’m using sAMAccountName as Duo username attribute in single sign on configuration and change the application protection Nameid format to unspecified and Nameid attribute to username and it is working fine now.