07-24-2019 11:13 PM
Does anyone know if it is possible to set up Duo as an external identity provider? I don’t see any documentation on either end and we would really like to set this up.
Here is a link to the general setup instructions:
https://docs.connectwise.com/ConnectWise_Documentation/ConnectWise_Unified_Product/010/25
Thanks!
07-26-2019 06:03 AM
Hi there,
Edit: Oops, I misunderstood your question initially. I am rather new to my role and still learning. Yes, my expert colleague Kristina explains in this post that Duo Access Gateway is a SAML 2.0 capable identity provider (or IdP).
You can set up Duo to protect Connectwise Manage via SSO using the generic SAML service provider:
This might be a good reference for you: https://docs.connectwise.com/ConnectWise_Documentation/090/020/070/140/SAML_and_SSO_Frequently_Asked_Questions
Thanks to @DuoKristina for this answer!
09-17-2019 08:04 PM
Hi, we are in the same boat. Needing information on how to setup DAG with SAML / CW Manage & such as per the original question above. I can’t find any documentation that outlines the connection between the two products (ConnectWise doesn’t technically support DUO SAML but says it will work) and the setup on both sides uses different terminology for the required fields / values. We have DAG setup pointing to our AD, MattK did you get it working?
06-30-2022 08:35 PM
Checking in if anyone managed to get through this, we are assuming the Duo - NameID Format, NameID Attribute & Mapped Attributes being sent back to the ACS endpoint for ConnectWise Manage has something missing…
07-06-2022 11:13 AM
Hello @Brad_Cook, thanks for replying. I suggest contacting Duo Support, they’ll be able to look directly at your configuration and provide specific feedback in a way that this community isn’t set up to do. Let us know what you find out!
07-06-2022 12:29 PM
Another angle of approach would be consider migrating from Duo Access Gateway to Duo Single Sign-on, and then using Duo SSO with SAML to log into ConnectWise:
This will become necessary as we approach DAG end-of-life in October '23:
https://help.duo.com/s/article/7486?language=en_US
07-06-2022 02:37 PM
To bad there isn’t an On-premise solution to the DAG’s since they are eol soon.
07-08-2022 03:06 PM
I hear you @Gigawatt, it will take some adjustment to shift to a cloud-hosted identity provider. Duo Single Sign-On will reduce administrative burden while supporting more feature development options for our Engineering teams. I’ll be curious to hear how it goes for you after you’ve migrated.
07-11-2022 06:14 AM
Unfortunately we aren’t going that route. Since we are all strictly on-premise, we are going to replace the DAG’s with AD FS.
07-11-2022 08:00 AM
Ah I see, that makes sense. For good measure, I should make sure you know about our recently released compatibility with Duo Universal Prompt in the Duo AD FS integration.
07-11-2022 12:31 PM
We already run the Duo adapter but we don’t have the " Duo Universal Prompt" enabled, should we?
07-11-2022 01:22 PM
Once you update to version 2.0.0 released in May, your Universal Prompt Progress Report will display App Update Ready
under existing Duo Authentication for Microsoft AD FS apps. New AD FS apps will default to Universal Prompt.
07-11-2022 01:25 PM
Sorry about that we are on version 2.0.0. I just had an older screenshot
10-06-2022 12:15 PM
Just hoping to follow up on this.
The ConnectWise SAML_and_SSO_Frequently_Asked_Questions page states:
“SSO using SAML is only supported with a one-to-one connection with ADFS (Active Directory Federated Service). While it may be possible to integrate using products such as Azure AD, Okta, or DUO, we do not support them at this time.”
Was anyone able to get Managed working with Duo SSO?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide