Duo SSO

cside allows you to create an Duo OIDC application and use it to authenticate users into your cside organization.

When you enable Duo SSO, anyone with your company email domain will be forwarded to authenticate with Duo. This means you can use Duo to scope who can access cside, and when you allow someone, they will automatically be added to your cside organization with no permissions.

Requirements:

  • cside Enterprise plan
  • An already setup cside organization - the initial admin (you) will be the first user, and will be converted to SSO upon migration.
  • Admin access to your Duo account

Create a Duo OIDC Application

  1. Go to your Duo Admin console. Head into the Applications > Applications tab.
  2. Click on the "Add application" button.
  3. Search for "Generic OIDC Relying Party"
  4. Click "Add"

Create OIDC Application

Configure Duo OIDC Application

Now we will configure this application to be compatible with cside.

  1. Enter the name of the application as "cside"
  2. Under "User Access", select either "Enable for all users" or "Enable only for permitted groups". If you select the latter, ensure that you add the appropriate groups that should have access to cside.
  3. Scroll past "Metdata" to "Relying Party"
  4. Under "Sign-In Redirect URLs" enter, https://dash.cside.com/auth/callback/oidc
  5. Under "OIDC Response", select the following scopes:
    • openid
    • profile
    • email
  6. Scroll to the bottom and click "Save"

Obtain relevant details

For a cside representative to be able to bind your Duo instance to your cside organization, they need the following pieces of information, some of which we created above.

  1. Client ID (e.g. DKSYWLEY3UDCDGQFXQ0X)
  2. Client Secret (e.g. fWGasdzseflD7tCBEoF1iIu35YfvMyvf6zEaFK1q)
  3. Issuer (Duo Domain, e.g. https://sso-abc12345.sso.duosecurity.com/oidc/DKSYWLEY3UDCDGQFXQ0X or like https://id.cside.dev if you are using a custom domain)
  4. Your companies email domain (this will be used to detect when to use SSO on cside sign in), and must match the users in your Duo instance.

Relevant Details

Share with your cside representative

Once you have these details, share them with your cside representative. They will be able to bind your Duo instance to your cside organization.

Then, the next time you log in, you will be redirected to Duo to authenticate!

Previous

Okta SSO

Next

Content Security Policy (CSP) Reporting Configuration

On this page

Create a Duo OIDC ApplicationConfigure Duo OIDC ApplicationObtain relevant detailsShare with your cside representative