Duo End-user

In this document you are going to set up IDmelon as an external IdP to the Duo-user.

Login to Duo administration panel

Add Identity Provider

  • Click Single Sign-On in the left sidebar, and then if active Required click active and start then click Add Saml Identity Provider.


IDmelon SAML configuration

You should copy values of below fields from the Duo panel to the IDmelon Panel.

  • Copy Entity ID Value
  • Copy Assertion Consumer Service URL


Configure Duo Single Sign-On

  • SAML Identity Provider Configuration

    Get all values for {..} from your IDmelon panel. If you are currently login here, you will see the replaced values instead.

    1. Choose Custom Display Name
    2. Paste Entity ID : idp_issuer_uri
    3. Paste Single Sign-On URL : idp_single_sign_on_url
    4. Paste Single Single Logout URL : idp_single_sign_on_url
    5. Paste Single Logout Redirect URL : https://duo.com
    6. Import Certificate : idp_certificate_download_url
    7. Choose Username normalization : Simple


  • Click Save
  • Click Duo Central in the left sidebar, and then if active Required click active and start.


  • Click Configuration & Policy
    • Activate : Status to Online
    • Choose : Duo Central name
    • Create your custom subdomain or Use default


Add IDmelon to Duo-user as passwordless and/or one Factor access

  • Scroll down to policy options Click Edit Global Policy


  • Click Authentication policy Choose Bypass 2FA


  • Click Authentication methods then disable all options of 2FA methods.


  • Click Save Policy

API Token

  • Go to Applications
  • Click on Protect an Applications


  • Search for Admin API & Click on Protect


  • Copy values for Protect:
    1. Integration key
    2. Secret key
    3. API hostname


  • Click on Save Changes

Add Application

  • Click Tiles to add applications to your Duo-user dashboard
    • Add tile


  • Choose to Add Applications or Add Bookmarks
  • Example: Add Application tile
    • Choose your custom app


  • Click Add tile
  • All Done.

IDP-Init/SP-Init support

Note that Duo-user doesn’t support IDP-Init