Description of Issue

Can I use DUO and OKTA together for Tyler ID?

Context

  • Tyler ID (TID)
  • DUO
  • OKTA
  • 2 Factor Authentication (2FA)
  • Multi-Factor Authentication (MFA)
  • Identity Provider
  • Federation


Cause

The organization currently uses DUO authentication in-house and is looking to use it in conjunction with OKTA for Tyler ID.

Resolution

Using DUO with Tyler Identity is part of the Tyler Identity Advanced Feature, which requires you to work with your Sales Representative to get an estimate before the setup can occur. If you do not know who your sales representative is, please contact TSM Support.

DUO Generic SAML setup

  1. Sign up for a DUO Account
  2. Log into the DUO Admin Panel https://admin.duosecurity.com/login?next=%2F
    1. Navigate to Applications
    2. Click Protect an Application and locate Generic SAML Service Provider with a protection type of 2FA with SSO hosted by Duo (Single Sign-On) in the applications list. Click Protect to the far right to start configuring Generic SAML Service Provider. See Protecting Applications for more information about protecting applications in Duo and additional application options. You'll need the information on the Generic SAML Service Provider page under Metadata later.
    3. The Metadata section is where you can get SAML identity provider information about Duo Single Sign-On:
      Name - Description
      Entity ID - The global, unique name for Duo Single Sign-On. This is sometimes referred to as "Issuer".
      Single Sign-On URL - The authentication URL for Duo Single Sign-On. This is sometimes referred to as "SSO URL" or "Login URL". This URL can also be used to start IdP-initiated authentications.
      Single Log-Out URL - The logout URL for Duo Single Sign-On. This is sometimes referred to as "SLO URL" or "Logout Endpoint". This field is optional.
      Metadata URL - This URL can be used by service providers to download the XML metadata from Duo Single Sign-On.
      SHA-1 Fingerprint - The SHA-1 fingerprint of the SAML certificate. Sometimes service providers will request a fingerprint instead of uploading a SAML certificate.
      SHA-256 Fingerprint - The SHA-256 fingerprint of the SAML certificate. Sometimes service providers will request a fingerprint instead of uploading a SAML certificate.
      Certificate - The certificate used by the service providers to validate the signature on the SAML response sent by Duo Single Sign-On. Click the Download Certificate button to download a crt file.
      SAML Metadata - The XML SAML Metadata is used by service providers to configure the service provider with settings from Duo Single Sign-On. Click the Download XML button to download an xml file.
    4. Claims required from DUO. These claims (user attributes) must be in the SAML assertions returned by Duo; claim names must match the ones below:
      1. email
      2. firstName
      3. lastName


      Configure Identity Provider in Admin Center

      1. Log in as an Org Admin to Admin Center and navigate to Identity Workforce, e.g. https://<customeridentifier>-admin.tylerportico.com/org/admin-center/identity-workforce/identity-providers
      2. Click Add a new provider and select Custom SAML
      3. Fill in the information:
        1. Name - descriptive name for the federation
        2. Certificate - click Add certificate and load the certificate downloaded from DUO in previous steps
        3. Idp issuer uri - e.g. https://sso-<alphanumeric1>.sso.duosecurity.com/saml2/idp/<alphanumeric2>
        4. Idp single sign on URL - e.g. https://sso-<alphanumeric1>.sso.duosecurity.com/saml2/idp/<alphanumeric2>/sso
      4. Click Next
      5. Download the metadata
      6. Click Next 
      7. Test configuration
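
An added example, not part of the original article or of any Tyler, Duo or Okta tooling: a Python check to run over a decoded assertion captured during the test step, confirming that the issuer equals the configured Idp issuer uri and that the email, firstName and lastName claims arrive under exactly those names. The sample assertion, its tenant identifiers and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("email", "firstName", "lastName")  # names listed on this page

# Constructed sample: a decoded assertion as a browser SAML tracer would show it.
# The tenant identifiers in the issuer are made up, following the page's URL pattern.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sso-example1.sso.duosecurity.com/saml2/idp/EXAMPLE2</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>pat@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="FirstName">
      <saml:AttributeValue>Pat</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text, expected_issuer):
    """Return a list of problems; empty means issuer and claims look right.
    Inspection aid for your own test capture; it does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: got {issuer!r}")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
        attrs[a.get("Name", "")] = [v for v in values if v]
    by_lower = {name.lower(): name for name in attrs}
    for claim in REQUIRED_CLAIMS:
        if claim in attrs:
            if not attrs[claim]:
                problems.append(f"{claim}: present but empty")
        elif claim.lower() in by_lower:
            problems.append(f"{claim}: sent as {by_lower[claim.lower()]!r} (name must match exactly)")
        else:
            problems.append(f"{claim}: missing")
    return problems
```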

      MFA/2FA - Set up DUO Universal Prompt

      1. Contact OKTA to update the OKTA Application to support Universal Prompt
      2. Activate Universal Prompt Experience for users in the Admin Panel


    Additional Information

    You may need to contact Okta Support to enable the Duo Multifactor option for your account before you can complete setup.

    Read the Universal Prompt Update Guide for more information about the update process and the new login experience for users.

    Duo Single Sign-On for Generic SAML Service Providers