Cisco Duo SSO Integration Guide

Note on upcoming official Cisco Duo integration

We have already applied to become an official Cisco Duo Technology Partner so TrustWorks can appear directly in the Duo marketplace (https://ecosystem.duo.com/en-US/home). This would allow seamless setup without selecting the Generic SAML Service Provider.

For this approval, we might need your support in contacting your Cisco Duo representative so they can review and approve our application. For now, follow the steps below using the Generic configuration.

This guide walks you through how to configure Cisco Duo Single Sign On with TrustWorks.

Step 1: Open Cisco Duo Admin Console

Go to your Duo Admin dashboard, then navigate:

Applications → Manage → Applications

Step 2: Add a New Application

Click + Add Application.

Step 3: Select Generic SAML Service Provider

In the catalog, search for Generic SAML Service Provider and click Add.

Step 4: Configure SAML Settings

Give the application a name such as:

TrustWorks SAML – Single Sign-On

Service Provider Configuration

Enter the following values:

  • Entity ID: trustworks.io
  • ACS URL: https://api.trustworks.io/v1.0/saml/cisco_duo/callback

SAML Response

Leave all default settings, except map the attributes as:

IdP Attribute SAML Attribute
<First Name> first_name
<Last Name> last_name

Scroll down and click Save.

Step 5: Configure Cisco Duo in TrustWorks

In TrustWorks (admin only):

Go to:

Settings → Integrations → New Integration

Select Cisco Duo, give it a name, and choose SAML as the Authentication Method.

Fill in the Identity Provider (IdP) Settings

You will copy values from the Duo application you created.

From the Metadata section:

  • Single Sign-On URL
  • Entity ID

From Downloads:

Click Copy Certificate and paste it into the certificate field in TrustWorks.

⚠️ Important: remove the following lines before pasting:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Optional Additional Settings

  • Default Role: Leave empty to assign Contributor to new users
  • Enable "Allow only Cisco Duo access" if you want to disable TrustWorks password login

Once complete, click:

  1. Test connection
  2. Save

You’re Done!

The integration should now be active. If you run into issues, contact your TrustWorks admin.

Still need help? Contact Us Contact Us