Duo Access Gateway secures access to cloud applications with your users’ existing directory credentials (like Microsoft Active Directory or Google Apps accounts) using the Security Assertion Markup Language (SAML) 2.0 authentication standard. SAML delegates authentication from a service provider to an identity provider, and is used for single sign-on (SSO) solutions.
Duo provides SAML connectors for enterprise cloud applications like Google Apps, Amazon Web Services, Box, Salesforce and Microsoft Office 365. See the full list of named cloud applications here. We also offer a generic SAML application you can use with any SAML 2.0 service provider.
Protected cloud applications redirect your users to the Duo Access Gateway server on your network. Duo Access Gateway acts as a SAML identity provider (IdP), authenticating your users using your existing primary authentication source for credential verification, and then prompting for two-factor authentication before permitting access to the SAML application.
Duo Access Gateway is part of the Duo Beyond, Duo Access, and Duo MFA plans.
Duo Access Gateway supports local Active Directory (AD) and OpenLDAP directories as identity sources, as well as on-premises or cloud SAML IdPs.
You can also use the Duo Access Gateway with Azure and Google directories or third-party IdPs hosted in the cloud.
Define Duo policies that enforce unique controls for each individual SSO application. For example, you can require that Salesforce users complete two-factor authentication at every login, but only once every seven days when accessing Google Apps. Duo checks the user, device, and network against an application's policy before allowing access to the application.
Once you deploy Duo Access Gateway with multiple service providers you can opt to minimize repeated Duo authentication prompts when switching between your SAML applications with shared remembered device policies for SSO.
Duo Access Gateway runs as an IIS virtual site on Windows Server 2012 and later. See the Duo Access Gateway Windows documentation for system requirements and installation instructions.
Duo Access Gateway runs in a Docker container on most modern Linux distributions. See the Duo Access Gateway Linux documentation for system requirements and installation instructions.