Configuring SSO for Duo

Follow the below instructions to configure SSO for your Quoter account using Duo as the SAML identity provider.

Prerequisites

  • You must be subscribed to our Pro or Enterprise plans

  • You must be an Account Owner to configure SSO for your Quoter account.

  • Ensure your users are provisioned in the identity provider (Duo), with exactly the same email address as their Quoter account. We don’t create user accounts under SSO.

  • Before turning this feature on, log in to your Quoter account twice - once in a regular browser and once in an incognito/private window to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in using two separate browsers.

Configuring Duo

1. Log onto the Duo Admin Panel and navigate to Applications > Protect an Application in the left-hand menu.

2. Type service provider in the search field and click Protect the Application in the search return.

3. In the Service Provider section of the configuration page, enter the following information:

  • Service Provider Name: Quoter

  • Entity ID: subdomain.quoter.com

  • Assertion Consumer Service: subdomain.quoter.com/users/login_saml

4. In the SAML Response section, use the settings shown below:

  • NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

  • NameID attribute: mail

  • Send attributes: NameID

  • Signature algorithm: SHA-1

  • Sign response: Enable Cryptographically sign response for verification by your service provider

  • Sign assertion: Enable Cryptographically sign assertion for verification by your service provider

5. Save the application and click on Download your configuration file.

6. Navigate to the Duo Access Gateway server's console and click the Configure icon in the Duo Access Gateway application group.

7. Click Applications and then on Choose File in the Add Applications section. Locate and upload the SAML application JSON file you downloaded in step 5.

8. Navigate back to the Duo Access Gateway page admin console's Applications page. You will need the information in the Metadata section in the next part of this KB article.

Configuring Quoter

After setting up Duo, you need to configure your Quoter account to authenticate using SAML. You will need a few pieces of information from Duo to complete this step.

Important. It's highly recommended that before you begin the below set of instructions, you log in to your Quoter account twice - once in a regular browser and once in an incognito/private window.

Alternatively, you can also log in to two separate browsers to ensure that you are still logged in to your account in case you are locked out in the other window.

1. Log in to Quoter and click Account in the top navigation bar.

2. Click Authentication and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. you will need to collect information from Duo and enter it into this form.

  • Copy the Duo Entity ID and paste it into the Quoter Issuer (Entity ID) field.

  • Copy the Duo Login URL and paste it into the Quoter SAML Login URL field.

  • Copy the Duo Logout URL and paste it into the Quoter SAML Logout URL field.

  • Download the Duo certificate and paste it into the Quoter Certificate field. Important: Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).

3. Click Save to complete the setup of your account only when all information has been entered. If you turn on SSO before the information is entered, it will break the login experience for all users on your account.

Once you make this change, you can test your account.

Did this answer your question?