Add duo security idp sso (#511)

Bethuel Mmbaga
2025-12-12 18:53:43 +03:00
committed by GitHub
parent db480cbba4
commit a2f787134f
6 changed files with 78 additions and 1 deletions

Binary file not shown. Size: 113 KiB

Binary file not shown. Size: 134 KiB

Binary file not shown. Size: 152 KiB

Binary file not shown. Size: 101 KiB


@@ -0,0 +1,71 @@
import {Note} from "@/components/mdx";
# Duo Security on NetBird Cloud
You can use Duo Security as your Identity Provider with NetBird, but it will require some additional configuration steps. Duo Security is a cloud-based security platform that provides secure access through single sign-on (SSO), multi-factor authentication (MFA), and device trust. Duo offers comprehensive identity verification and access policies to protect applications and data.
<Note>
Support for OIDC-compliant IdPs is available on the Team plan and higher.
The Free plan supports Google, Microsoft, and social logins.
</Note>
## Prerequisites
Before you start using Duo Single Sign-On, make sure to meet all the requirements described below:
- A Duo Admin with the Owner, Administrator, or Application Manager role
## Step 1: Create a new OIDC Application
Log in to the [Duo Admin Panel](https://admin.duosecurity.com/). Navigate to **Applications** in the left sidebar, then click **Applications**. Click **+ Add Application** which will open the Application Catalog. Search for **Generic OIDC**, then click **+ Add** next to it.
<p>
<img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-select-application.png" alt="duo-select-application" className="imagewrapper-big"/>
</p>
## Step 2: Configure Basic Settings
Configure the Basic Configuration section with the following settings:
- **Application name**: NetBird
- **Application Type**: Generic OIDC Relying Party - Single Sign-On
- **User access**: `Enable for all users` (if applicable to all users) or `Enable only for permitted groups` (for fine-grained access control)
<p>
<img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-basic-configuration.png" alt="duo-basic-configuration" className="imagewrapper-big"/>
</p>
## Step 3: Configure Relying Party Settings
Configure the Relying Party section with the following settings:
- **Grant Type**: Authorization Code, Refresh Tokens
- **Sign-In Redirect URLs**: `https://login.netbird.io/login/callback`
<p>
<img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-relying-party.png" alt="duo-relying-party" className="imagewrapper-big"/>
</p>
## Step 4: Configure OIDC Response
Configure the OIDC Response section with the following scopes:
- **Scopes**: openid, profile, email
<p>
<img src="/docs-static/img/manage/team/single-sign-on/duo-idp/duo-oidc-response.png" alt="duo-oidc-response" className="imagewrapper-big"/>
</p>
Click **Save** to complete the application configuration.
## Step 5: Share Information with NetBird Support
From the application metadata, copy the **Client ID**, **Client Secret**, and **Discovery URL**. Share the following information with the NetBird support team at support@netbird.io:
- **Client ID**
- **Client Secret**
- **Discovery URL**
- **Email domains for your users**
<Note>
We recommend using a secure channel to share the Client Secret. You can send a separate email and use a secret sharing service like: <br/>
- https://onetimesecret.com/en/ <br/>
- https://password.link/en <br/>
</Note>
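Review bot: Step 5 lists the **Client Secret** next to the Client ID and Discovery URL as items to send to support@netbird.io, and the only guidance on protecting it is a trailing Note worded as a recommendation ("We recommend using a secure channel"). A reader following the steps in order can have the secret in a plain email before reaching that Note. Suggest splitting the step: email the Client ID, Discovery URL and email domains, and state in the step itself that the Client Secret is delivered only as a one-time link from one of the listed services, sent separately. Two smaller points in the same file: Prerequisites says "all the requirements described below" but lists a single item, and Step 2 should say which **User access** option is preferred, since `Enable only for permitted groups` is the narrower grant.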


@@ -68,4 +68,10 @@ to integrate with NetBird. Below are the steps to set up different OIDC-complian
[Auth0](https://auth0.com/) is a flexible, drop-in solution to add authentication and authorization services to your applications. It's a managed service that offers extensive customization options, developer-friendly APIs, universal login, social identity providers, and advanced security features like anomaly detection and breached password detection. [Auth0](https://auth0.com/) is a flexible, drop-in solution to add authentication and authorization services to your applications. It's a managed service that offers extensive customization options, developer-friendly APIs, universal login, social identity providers, and advanced security features like anomaly detection and breached password detection.
<Button href="/manage/team/single-sign-on/auth0" variant="outline">Setup Auth0</Button> <Button href="/manage/team/single-sign-on/auth0" variant="outline">Setup Auth0</Button>
### Duo Security
[Duo Security](https://duo.com/) is a cloud-based security platform that provides secure access through single sign-on (SSO), multi-factor authentication (MFA), and device trust. Duo offers comprehensive identity verification and access policies to protect applications and data, with a focus on zero-trust security architecture.
<Button href="/manage/team/single-sign-on/duo-security" variant="outline">Setup Duo Security</Button>
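Review bot: The new Button's `href` is `/manage/team/single-sign-on/duo-security`, while the page added in this commit keeps its images under `single-sign-on/duo-idp/`, and the new file's path is not visible here, so please confirm the route matches the MDX file name and pick one of the two names for both. The commit touches 6 files (four images, the new page and this index), so if the docs keep a separate navigation list, the Duo page is not in it yet. The description here also adds "with a focus on zero-trust security architecture", which the new page's own intro does not say; consider keeping the two summaries identical.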