Duo SSO

c/side allows you to create an Duo OIDC application and use it to authenticate users into your c/side organization.

When you enable Duo SSO, anyone with your company email domain will be forwarded to authenticate with Duo. This means you can use Duo to scope who can access c/side, and when you allow someone, they will automatically be added to your c/side organization with no permissions.

Requirements:

  • c/side Enterprise plan
  • An already setup c/side organization - the initial admin (you) will be the first user, and will be converted to SSO upon migration.
  • Admin access to your Duo account

Create a Duo OIDC Application

  1. Go to your Duo Admin console. Head into the Applications > Applications tab.
  2. Click on the "Add application" button.
  3. Search for "Generic OIDC Relying Party"
  4. Click "Add"

Create OIDC Application

Configure Duo OIDC Application

Now we will configure this application to be compatible with c/side.

  1. Enter the name of the application as "c/side"
  2. Under "User Access", select either "Enable for all users" or "Enable only for permitted groups". If you select the latter, ensure that you add the appropriate groups that should have access to c/side.
  3. Scroll past "Metdata" to "Relying Party"
  4. Under "Sign-In Redirect URLs" enter, https://cside.dev/auth/callback/oidc
  5. Under "OIDC Response", select the following scopes:
    • openid
    • profile
    • email
  6. Scroll to the bottom and click "Save"

Obtain relevant details

For a c/side representative to be able to bind your Duo instance to your c/side organization, they need the following pieces of information, some of which we created above.

  1. Client ID (e.g. DKSYWLEY3UDCDGQFXQ0X)
  2. Client Secret (e.g. fWGasdzseflD7tCBEoF1iIu35YfvMyvf6zEaFK1q)
  3. Issuer (Duo Domain, e.g. https://sso-abc12345.sso.duosecurity.com/oidc/DKSYWLEY3UDCDGQFXQ0X or like https://id.cside.dev if you are using a custom domain)
  4. Your companies email domain (this will be used to detect when to use SSO on c/side sign in), and must match the users in your Duo instance.

Relevant Details

Share with your c/side representative

Once you have these details, share them with your c/side representative. They will be able to bind your Duo instance to your c/side organization.

Then, the next time you log in, you will be redirected to Duo to authenticate!

Previous

Okta SSO

Next

Content Security Policy (CSP) Reporting Configuration

On this page

Create a Duo OIDC ApplicationConfigure Duo OIDC ApplicationObtain relevant detailsShare with your c/side representative