How to Configure SAML 2.0 for Cobalt with Duo
The Duo/Cobalt SAML integration currently supports IdP-initiated SSO.
1. Log in to Cobalt.
2. Navigate to your Org level by clicking on your Org name:
3. Select the Settings tab.
4. In the Settings tab, press Authorization, then press Enable for SAML SSO:
5. Log in as an administrator to your Duo Access Gateway, click Applications on the left navigation, and then scroll all the way down to the Metadata section. Here you will find the SAML metadata we need to provide in Cobalt:
6. Copy the Entity ID field value to the IDP ISSUER URL field in Cobalt. Copy the SSO URL field value to the IDP TARGET URL field in Cobalt. Then click Download certificate and open the file in a text editor. Copy the file contents to the IDP CERTIFICATE field in Cobalt. Press Save.
7. Log in to the Duo Admin Panel, click Applications on the left navigation, and then click Protect an Application.
8. Locate SAML - Service Provider in the list of applications, and then click the Protect this Application link. Now you will see the configuration page for the service provider:
9. On the configuration page, fill out the form as follows:
Service provider name: Cobalt
Entity ID: https://api.cobalt.io/users/saml/metadata
Assertion Consumer Service: https://api.cobalt.io/users/saml/auth
10. Go back to Cobalt and, still on the Settings page, copy your IdP RelayState value, marked in red below:
11. Scroll a bit further down on the Duo Service Provider configuration page and you will find the field Default Relay State. Paste the IdP RelayState value from Cobalt into this field:
12. Further down on the same page, verify that the settings match the values below:
13. Scroll a bit further down to the Map attributes section and fill out the fields as shown in the picture below. Press Save Configuration:
14. Now scroll up to the top of the page and find the Download your configuration file link and click it:
15. Go back to Applications in the Duo Access Gateway administrator panel and upload the configuration file:
16. You will now find the Cobalt application on your Duo Access Gateway launcher page. Click the application icon and it will log you in to Cobalt using SAML:
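
The certificate pasted in step 6 is what Cobalt uses to trust signed assertions from Duo, so it is worth checking the three copied values before pressing Save. The following is an added example, not code from Cobalt or Duo: the function names are hypothetical, the HTTPS requirement on the two URL fields is an assumption, and the sample certificate and the dag.example.com host are constructed placeholders.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_idp_certificate(pem_text):
    """Return (sha256_fingerprint_or_None, problems) for the IDP CERTIFICATE text."""
    problems = []
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("private key present: only the certificate belongs in the SP")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected exactly 1 CERTIFICATE block, found {len(certs)}")
        return None, problems
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("certificate body is not valid base64")
        return None, problems
    if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
        problems.append("decoded bytes do not start with a DER SEQUENCE tag")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2)), problems

def check_idp_url(field, value):
    """Flag copy-paste whitespace and non-HTTPS values (HTTPS is an assumption here)."""
    problems = []
    if value != value.strip():
        problems.append(f"{field}: leading or trailing whitespace")
    parts = urlsplit(value.strip())
    if parts.scheme != "https" or not parts.hostname:
        problems.append(f"{field}: expected an absolute https:// URL")
    return problems

# Constructed stand-in for the downloaded file: a 5-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fingerprint, problems = check_idp_certificate(SAMPLE_PEM)
    print("SHA-256 fingerprint:", fingerprint)
    # dag.example.com is a placeholder host, not a value from this guide.
    problems += check_idp_url("IDP ISSUER URL", "https://dag.example.com/entity ")
    print(problems)
```

Compare the printed fingerprint with one obtained from the Duo Access Gateway host through a separate channel before saving the certificate in Cobalt.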