
Invalid response from SSO provider.

rgifh
Level 1

I have SSO configured and working for users using an enterprise application in Entra ID. I set up a separate enterprise application for the DUO admin portal. I keep getting Invalid response from SSO provider. When I click the test button in the Entra application, it goes through just fine.

4 Replies

Ruben Cocheno
Spotlight

@rgifh 

If you have a support contract with DUO, I would probably suggest you call them directly and work with support on that, as it can be a variety of things really.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on LinkedIn https://www.linkedin.com/in/rubencocheno/

I suggest giving my answer a try before reaching out to support.

Pulkit Mittal
Level 1

I have seen this issue before. This error is related to the User Identifier in Azure. Using Persistent NameIDs can sometimes result in the incorrect attribute being sent to Duo in the SAML assertion.

Go back to the Attributes and Claims section in Entra ID and enter user.mail as the Identifier.

To resolve this issue, use the following workaround as suggested by Duo:

  1. Log in to the Duo Admin Panel.
  2. Click Administrators in the left sidebar, then click Admin Login Settings.
  3. Scroll to the Single Sign-On with SAML Configuration section of the Administrator Login Settings page. 
  4. Enable SSO by changing the "Authentication with SAML" setting to either Optional or Required. This will expose the rest of the SSO configuration form.
  5. Change the Identity provider to Custom IdP.
  6. Go back to the Attributes and Claims section in Entra ID and enter user.mail as the Identifier.

I have tried this with no luck.
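To check the NameID point raised in the answer above before and after changing the claim, the following added example (not code from the thread, from Duo or from Microsoft) decodes a SAMLResponse captured from the browser's POST to the service provider and reports which NameID format and value the IdP actually sent. It assumes the HTTP-POST binding (plain base64), that the admin account is matched on its email address as the answer implies, and uses constructed sample responses with a hypothetical address `admin@example.com`.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def inspect_nameid(saml_response_b64, expected_email):
    """Decode a captured SAMLResponse and report NameID problems.

    Diagnostic only: it does not verify the signature or conditions.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None:
        return {"format": None, "value": None, "findings": ["no NameID in assertion"]}
    fmt, value = node.get("Format"), (node.text or "").strip()
    findings = []
    if fmt == PERSISTENT:
        findings.append("persistent NameID format: value is an opaque identifier")
    if not EMAIL_RE.match(value):
        findings.append("NameID value is not an email address")
    elif value.lower() != expected_email.lower():
        findings.append("NameID email differs from the expected admin email")
    return {"format": fmt, "value": value, "findings": findings}


def _sample(fmt, value):
    # Constructed, unsigned sample response; not captured from a real tenant.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f'<saml:NameID Format="{fmt}">{value}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


BAD = _sample(PERSISTENT, "Zx3kQ9constructedOpaqueValue")
GOOD = _sample("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "admin@example.com")

if __name__ == "__main__":
    for name, resp in (("persistent", BAD), ("user.mail", GOOD)):
        print(name, inspect_nameid(resp, "admin@example.com"))
```

If the findings list is empty for a real capture and the error persists, the NameID is not the cause and other parts of the response are worth comparing against the service provider's configuration.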
