Configuring Dataedo with Duo

This guide walks you through setting up Dataedo to work with a SAML identity provider. We'll use Duo as an example, but the steps are similar for other providers.

Initial configuration in Duo Admin Portal

  1. Open the Duo Admin Portal and navigate to Enterprise Applications.

  2. Select Applications and click Protect an Application.

  3. In the filter box, type "generic saml" and click Protect next to Generic SAML Service Provider.

  4. On the new page:

    • In the Entity ID field, enter a unique identifier (e.g., the address of your Dataedo Portal). You'll use this value later.

    • In the Assertion Consumer Service (ACS) URL field, enter the Dataedo Portal URL followed by /api/api/auth/assertion-consumer. Example: https://your-dataedo-web.address/api/api/auth/assertion-consumer.

  5. Under Settings, specify the display name for users during login.

  6. Configure user access as needed and click Save.

  7. At the top of the page, copy the Metadata URL from the Metadata section. You’ll use this later.

Configuring SAML in Dataedo Portal (Windows)

  1. Locate the installation folder for Dataedo Portal (default path: C:\Dataedo Portal\Applications\API\).

  2. Open the appsettings.json file and locate the Saml2 section:

    # This sample contains inline comments for explanation purposes.
    # JSON is a strict format and does not support comments.
    # Remove all comments (#) before using this configuration in your environment.
    {
      "Saml2": {
        # Enter the Metadata URL copied from the Duo Admin Portal or the path to the downloaded metadata file.
        # Example: https://your-duo-idp-metadata-url
        "IdPMetadata": "",

        # Use the Entity ID configured in the Duo Admin Portal.
        "Issuer": "",

        # Default: RSA_SHA256. Change if using another signature algorithm.
        # For RSA_SHA1, use http://www.w3.org/2001/04/xmldsig-more#rsa-sha1
        "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",

        # Certificate validation mode. Default is ChainTrust.
        "CertificateValidationMode": "ChainTrust",

        # Revocation mode. Default is NoCheck.
        "RevocationMode": "NoCheck"
      },
      "Saml2Client": {
        # Enter the name displayed during login.
        # Example: Duo Security
        "DisplayName": "Duo Security",

        # Enter your Dataedo Portal address.
        # Example: https://your-dataedo-web.address
        "ClientUrl": "https://your-dataedo-web.address"
      }
    }

  3. Go to IIS Manager, and restart the Dataedo Portal app for changes to take effect.

  4. Open Dataedo Portal. The login page now shows an option to log in with Duo.

  5. Clicking it will either take you to the Duo login page or, if you’re already logged in, directly to your Dataedo Portal page.
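A check to run against appsettings.json before restarting the app, as an added example that is not Dataedo's own tooling: it confirms the file is strict JSON with the # comments removed, flags the weaker choices among the values documented above, and derives the ACS URL that must match the one entered in Duo. The function names, the sample values and the reading of NoCheck as "no revocation check" (its .NET meaning) are assumptions.

```python
import json
from urllib.parse import urlparse

SHA1_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha1"
ACS_PATH = "/api/api/auth/assertion-consumer"  # path given in the Duo setup steps

def acs_url(client_url):
    """ACS URL that must be entered in Duo for this ClientUrl."""
    return client_url.rstrip("/") + ACS_PATH

def check_saml2(text):
    """Return a list of findings for the Saml2 and Saml2Client sections."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (leftover # comments?) at line {exc.lineno}"]
    saml, client = cfg.get("Saml2", {}), cfg.get("Saml2Client", {})
    findings = []
    meta = saml.get("IdPMetadata", "")
    if not meta:
        findings.append("IdPMetadata is empty")
    elif urlparse(meta).scheme == "http":  # file paths and https URLs pass
        findings.append("IdPMetadata is fetched over plain http")
    if not saml.get("Issuer"):
        findings.append("Issuer is empty; it must equal the Entity ID set in Duo")
    if saml.get("SignatureAlgorithm", "").lower() == SHA1_URI:
        findings.append("SignatureAlgorithm is RSA-SHA1; the default is RSA-SHA256")
    if saml.get("CertificateValidationMode", "ChainTrust") != "ChainTrust":
        findings.append("CertificateValidationMode differs from the ChainTrust default")
    if saml.get("RevocationMode", "NoCheck") == "NoCheck":  # assumed .NET meaning
        findings.append("RevocationMode is NoCheck; revocation is not checked")
    if urlparse(client.get("ClientUrl", "")).scheme != "https":
        findings.append("ClientUrl is not an https URL")
    return findings

# Constructed sample inputs, not taken from a real deployment.
WITH_COMMENTS = '{\n  # Use the Entity ID configured in Duo.\n  "Saml2": {}\n}'
WEAK = json.dumps({
    "Saml2": {"IdPMetadata": "http://idp.example/metadata", "Issuer": "",
              "SignatureAlgorithm": SHA1_URI,
              "CertificateValidationMode": "ChainTrust",
              "RevocationMode": "NoCheck"},
    "Saml2Client": {"ClientUrl": "http://dataedo.example"},
})

if __name__ == "__main__":
    for name, sample in (("with comments", WITH_COMMENTS), ("weak", WEAK)):
        print(name, check_saml2(sample), sep=": ")
    print(acs_url("https://your-dataedo-web.address/"))
```

A finding for NoCheck or RSA-SHA1 is a prompt to confirm the choice is deliberate, since both are values the configuration accepts.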

Configuring SAML in Dataedo Portal Docker image

  1. Open the .env file (located in the same folder as docker-compose.yml) and find the Single Sign-On section:

    # Single Sign On Configuration
    # Add the following settings to your environment file.

    # Paste the Metadata URL copied from Duo Admin Portal or the file path to the metadata XML.
    # Example: https://sso-a06d2d5e.sso.duosecurity.com/saml2/sp/DI7SDPCIHNSN9MOYP7QK/metadata
    DATAEDO_SSO_IDP_METADATA="https://sso-a06d2d5e.sso.duosecurity.com/saml2/sp/DI7SDPCIHNSN9MOYP7QK/metadata"

    # Enter the Entity ID configured in Duo Admin Portal.
    # Example: Dataedo_PT_VM
    DATAEDO_SSO_ISSUER="Dataedo_PT_VM"

    # Default: RSA_SHA256. Change if using another signature algorithm.
    # For RSA_SHA1, use http://www.w3.org/2001/04/xmldsig-more#rsa-sha1
    DATAEDO_SSO_SIGNATURE_ALGORITHM=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

    # Certificate validation mode. Default is ChainTrust.
    DATAEDO_SSO_CERTIFICATE_VALIDATION_MODE=ChainTrust

    # Revocation mode. Default is NoCheck.
    DATAEDO_SSO_REVOCATION_MODE=NoCheck

    # Enter the display name shown during login.
    # Example: Duo_Security (no blank spaces, use underscores if needed)
    DATAEDO_SSO_DISPLAY_NAME="Duo_Security"

    # Enter your Dataedo Web address.
    # Example: https://yourwebsite.com/
    DATAEDO_SSO_CLIENT_URL="https://yourwebsite.com/"

  2. Save the .env file and restart the Docker containers by running the following command:

    docker-compose down && docker-compose up -d

Testing the SAML integration

  1. Open the Dataedo Portal login page in your browser.
  2. You'll see the option to log in with your configured SAML provider (Duo Security).
  3. Log in using a user account managed by your Duo configuration.
  4. Verify successful login and access to the Dataedo Portal.

With these steps, you’ve successfully configured Duo as a SAML Identity Provider for Dataedo!

Need help?

If you run into any problems or have questions, reach out to Dataedo support.