Add duo security idp sso (#511)

2026-04-15 23:16:36 +00:00 · 2025-12-12 18:53:43 +03:00
parent db480cbba4
commit a2f787134f
6 changed files with 78 additions and 1 deletions
--- a/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-basic-configuration.png
+++ b/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-basic-configuration.png
--- a/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-oidc-response.png
+++ b/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-oidc-response.png
--- a/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-relying-party.png
+++ b/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-relying-party.png
--- a/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-select-application.png
+++ b/public/docs-static/img/manage/team/single-sign-on/duo-idp/duo-select-application.png
--- a/src/pages/manage/team/single-sign-on/duo-security.mdx
+++ b/src/pages/manage/team/single-sign-on/duo-security.mdx
@@ -0,0 +1,71 @@
+import {Note} from "@/components/mdx";
+
+# Duo Security on NetBird Cloud
+
+You can use Duo Security as your Identity Provider with NetBird, but it will require some additional configuration steps. Duo Security is a cloud-based security platform that provides secure access through single sign-on (SSO), multi-factor authentication (MFA), and device trust. Duo offers comprehensive identity verification and access policies to protect applications and data.
+
+<Note>
+    Support for OIDC-compliant IdPs is available on the Team plan and higher.
+    The Free plan supports Google, Microsoft, and social logins.
+</Note>
+
+## Prerequisites
+
+Before you start using Duo Single Sign-On, make sure to meet all the requirements described below:
+
+- A Duo Admin with the Owner, Administrator, or Application Manager role
+
+## Step 1: Create a new OIDC Application
+
+Log in to the [Duo Admin Panel](https://admin.duosecurity.com/). Navigate to **Applications** in the left sidebar, then click **Applications**. Click **+ Add Application** which will open the Application Catalog. Search for **Generic OIDC**, then click **+ Add** next to it.
+
+<p>
+    <img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-select-application.png" alt="duo-select-application" className="imagewrapper-big"/>
+</p>
+
+## Step 2: Configure Basic Settings
+
+Configure the Basic Configuration section with the following settings:
+- **Application name**: NetBird
+- **Application Type**: Generic OIDC Relying Party - Single Sign-On
+- **User access**: `Enable for all users` (if applicable to all users) or `Enable only for permitted groups` (for fine-grained access control)
+
+<p>
+    <img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-basic-configuration.png" alt="duo-basic-configuration" className="imagewrapper-big"/>
+</p>
+
+## Step 3: Configure Relying Party Settings
+
+Configure the Relying Party section with the following settings:
+- **Grant Type**: Authorization Code, Refresh Tokens
+- **Sign-In Redirect URLs**: `https://login.netbird.io/login/callback`
+
+<p>
+    <img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-relying-party.png" alt="duo-relying-party" className="imagewrapper-big"/>
+</p>
+
+## Step 4: Configure OIDC Response
+
+Configure the OIDC Response section with the following scopes:
+- **Scopes**: openid, profile, email
+
+<p>
+    <img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-oidc-response.png" alt="duo-oidc-response" className="imagewrapper-big"/>
+</p>
+
+Click **Save** to complete the application configuration.
+
+## Step 5: Share Information with NetBird Support
+
+From the application metadata, copy the **Client ID**, **Client Secret**, and **Discovery URL**. Share the following information with the NetBird support team at support@netbird.io:
+
+- **Client ID**
+- **Client Secret**
+- **Discovery URL**
+- **Email domains for your users**
+
+<Note>
+We recommend using a secure channel to share the Client Secret. You can send a separate email and use a secret sharing service like: <br/>
+- https://onetimesecret.com/en/ <br/>
+- https://password.link/en <br/>
+</Note>
--- a/src/pages/manage/team/single-sign-on/index.mdx
+++ b/src/pages/manage/team/single-sign-on/index.mdx
@@ -68,4 +68,10 @@ to integrate with NetBird. Below are the steps to set up different OIDC-complian

 [Auth0](https://auth0.com/) is a flexible, drop-in solution to add authentication and authorization services to your applications. It's a managed service that offers extensive customization options, developer-friendly APIs, universal login, social identity providers, and advanced security features like anomaly detection and breached password detection.

-<Button href="/manage/team/single-sign-on/auth0" variant="outline">Setup Auth0</Button>
+<Button href="/manage/team/single-sign-on/auth0" variant="outline">Setup Auth0</Button>
+
+### Duo Security
+
+[Duo Security](https://duo.com/) is a cloud-based security platform that provides secure access through single sign-on (SSO), multi-factor authentication (MFA), and device trust. Duo offers comprehensive identity verification and access policies to protect applications and data, with a focus on zero-trust security architecture.
+
+<Button href="/manage/team/single-sign-on/duo-security" variant="outline">Setup Duo Security</Button>