Page Comparison

• Tyler ID (TID)

• DUO

• OKTA

• 2 Factor Authentication (2FA)

• Multi-Factor Authentication (MFA)

• Identity Provider

• Federation

Using DUO with Tyler Identity is part of the Tyler Identity Advanced Feature which requires you to work with your Sales Representative to get an a Custom Core IDP licensing estimate before the setup can occur. If you do not know who your sales representative is, please contact TSM Support

DUO Generic SAML setup

1. Sign up for a DUO Account

2. Log into the DUO Admin Panel https://admin.duosecurity.com/login?next=%2F

   1. Navigate to Applications

   2. Click Protect an Application

1. 1. 1. Click Protect an Application

1. 1. 1.  and locate Generic SAML Service Provider

1. 1. 1.  with a protection type of 2FA with SSO hosted by Duo (Single Sign-On) in the applications list.

1. 1. 1. Click Protect to the far right to start

1. 1. 1. configuring Generic SAML Service Provider.

1. 1. 1. See Protecting Applications

1. 1. 1.  for more information about protecting applications in Duo and additional application options. You'll need the information on the Generic SAML Service Provider page

1. 1. 1. under Metadata

1. 1. 1.  later

1. The Metadata

1.  section is where you can get SAML identity provider information about Duo Single Sign-On 

2. Name	Description
   Entity ID	The global, unique name for Duo Single Sign-On. This is sometimes referred to as Issuer
   Single Sign-On URL	The authentication URL for Duo Single Sign-On. This is sometimes referred to as "SSO URL" or "Login URL". This URL can also be used to start IdP-initiated authentications
   Single Log-Out URL	The logout URL for Duo Single Sign-On. This is sometimes referred to as "SLO URL" or "Logout Endpoint". This field is optional
   Metadata URL	This URL can be used by service providers to download the XML metadata from Duo Single Sign-On
   SHA - 1 Fingerprint	The SHA-1 fingerprint of the SAML certificate. Sometimes service providers will request a fingerprint instead of uploading a SAML certificate
   SHA - 256 Fingerprint	The SHA-256 fingerprint of the SAML certificate. Sometimes service providers will request a fingerprint instead of uploading a SAML certificate
   Certificate	The certificate used by the service providers to validate the signature on the SAML response sent by Duo Single Sign-On. Click the Download Certificate button to download a crt file
   SAML Metadata	The XML SAML Metadata is used by service providers to configure the service provider with settings from Duo Single Sign-On. Click the Download XML button to download a xml file

3. Claims required from DUO

4. These claims (user attributes) must be in the SAML assertions returned by Duo; claim names must match the ones below:
   

   1. email

   2. firstName

   3. lastName

Configure Identity Provider in Admin Center

1. Login as an Org Admin to Admin Center and navigate to Identity Workforce e.g. https://<customeridentifier>-admin.tylerportico.com/org/admin-center/identity-workforce/identity-providers

2. Click Add a new provider and select Custom SAML

3. Fill in the information:

   1. Name - descriptive name for the federation

   2. Certificate - click Add certificate and load the certificate downloaded from DUO in previous steps

   3. Idp issuer uri - e.g. https://sso-<alphanumeric1>.sso.duosecurity.com/saml2/idp/

1. 1. <alphanumeric2>

   2. Idp single sign on URL - e.g. https://sso-<alphanumeric1>.sso.duosecurity.com/saml2/idp/<alphanumeric2>/sso

2. Click Next

3. Download the metadata

4. Click Next 

5. Test

1. configuration

MFA/2FA - Set up DUO Universal Prompt

1. Contact OKTA to update the OKTA Application to support Universal Prompt

2. Activate Universal Prompt Experience for users in the Admin Panel