Duo Single Sign-On for SolarWinds Security Event Manager
Last updated:
Overview
As business applications move from on-premises to cloud hosted solutions, users experience password fatigue due to disparate logons for different applications. Single sign-on (SSO) technologies seek to unify identities across systems and reduce the number of different credentials a user has to remember or input to gain access to resources.
While SSO is convenient for users, it presents new security challenges. If a user's primary password is compromised, attackers may be able to gain access to multiple resources. In addition, as sensitive information makes its way to cloud-hosted services it is even more important to secure access by implementing two-factor authentication and zero-trust policies.
About Duo Single Sign-On
Duo Single Sign-On is our cloud-hosted SSO product which layers Duo's strong authentication and flexible policy engine on top of SolarWinds Security Event Manager logins. Duo Single Sign-On acts as an identity provider (IdP), authenticating your users using existing on-premises Active Directory (AD) or another SSO IdP. Duo SSO prompts users for two-factor authentication and performs endpoint assessment and verification before permitting access to SolarWinds Security Event Manager.
Duo Single Sign-On is available in Duo Premier, Duo Advantage, and Duo Essentials plans, which also include the ability to define policies that enforce unique controls for each individual SSO application. For example, you can require that Salesforce users complete two-factor authentication at every login, but only once every seven days when accessing SolarWinds Security Event Manager. Duo checks the user, device, and network against an application's policy before allowing access to the application.
Configure Single Sign-On
Before configuring SolarWinds Security Event Manager with Duo SSO using Security Assertion Markup Language (SAML) 2.0 authentication you'll first need to configure a working authentication source.
Once you have your SSO authentication source working, continue to the next step of creating the SolarWinds Security Event Manager application in Duo.
Create the SolarWinds Security Event Manager Application in Duo
-
Log in to the Duo Admin Panel and navigate to Applications → Application Catalog.
-
Locate the entry for SolarWinds Security Event Manager with the "SSO" label in the catalog. Click the + Add button to start configuring SolarWinds Security Event Manager. See Protecting Applications for more information about protecting applications with Duo and additional application options. You'll need the information on the SolarWinds Security Event Manager page under Downloads later.
-
No active Duo users can log in to new applications until you grant access. Update the User access setting to grant access to this application to users in selected Duo groups, or to all users. Learn more about user access to applications. If you do not change this setting now, be sure to update it so that your test user has access before you test your setup.
This setting only applies to users who exist in Duo with "Active" status. This does not affect application access for existing users with "Bypass" status, existing users for whom the effective Authentication Policy for the application specifies "Bypass 2FA" or "Skip MFA", or users who do not exist in Duo when the effective New User Policy for the application allows access to users unknown to Duo without MFA. -
SolarWinds Security Event Manager uses the Mail attribute, First name attribute, and Last name attribute when authenticating. We've mapped these attributes to external authentication source attributes as follows:
Default Attribute Active Directory SAML IdP <Email Address> mail Email <First Name> givenName FirstName <Last Name> sn LastName If you are using non-standard attributes for your authentication source, check the Custom attributes box and enter the name of the attributes you wish to use instead.
-
You can adjust additional settings for your new SAML application at this time — like changing the application's name from the default value, enabling self-service, or assigning a group policy.
-
Keep the Duo Admin Panel tab open. You will come back to it later.
Duo Universal Prompt
The Duo Universal Prompt provides a simplified and accessible Duo login experience for web-based applications, offering a redesigned visual interface with security and usability enhancements.
| Universal Prompt | Traditional Prompt |
 |
 |
The Duo SolarWinds Security Event Manager application supports the Universal Prompt by default, so there's no additional action required on your part to start using the newest authentication experience.
Activate Universal Prompt
Activation of the Universal Prompt is a per-application change. Activating it for one application does not change the login experience for your other Duo applications. Universal Prompt is already activated for new SolarWinds Security Event Manager applications at creation.
The "Universal Prompt" area of the application details page shows that this application's status is "Activation complete", with these activation control options:
- Show traditional prompt: Your users experience Duo's traditional prompt via redirect when logging in to this application.
- Show new Universal Prompt: (Default) Your users experience the Universal Prompt via redirect when logging in to this application.
The application's Universal Prompt status shows "Activation complete" both here and on the Universal Prompt Update Progress report.
For the time being, you may change this setting to Show traditional prompt to use the legacy experience. Keep in mind that support for the traditional Duo prompt ended for the majority of applications in March 2024. This option will be removed in the future.
Universal Update Progress
Click the See Update Progress link to view the Universal Prompt Update Progress report. This report shows the update availability and migration progress for all your Duo applications. You can also activate the new prompt experience for multiple supported applications from the report page instead of visiting the individual details pages for each application.
Enable SolarWinds Security Event Manager for SSO
-
Log into your SolarWinds Security Event Manager application as an administrator.
-
In the top-right corner of the page, click the gear icon. The "Settings" page opens.
-
In the sidebar menu, click AUTHENTICATION.
-
Click the SAML SSO tab.
-
Click Configure SAML SSO. The "Configure SAML SSO" window opens.
-
Under "SERVICE PROVIDER (SP) SETTINGS", copy the Entity ID (Audience URI) and paste it into the Duo Admin Panel Entity ID (Audience URI) field, under "Service Provider".
-
In the Duo Admin Panel under "Downloads", click Download XML.
-
Return to SolarWinds Security Event Manager. Under "IDENTITY PROVIDER (IDP) SETTINGS", click Browse file and open the XML file you downloaded from the Duo Admin Panel earlier.
-
In SolarWinds Security Event Manager under "ROLE TO GROUP MAPPING", copy one of the following roles and paste it into the Duo Admin Panel SolarWinds Security Event Manager role name field, under "Service Provider":
-
SEM_ADMINS role in the Admin role field.
-
SEM_AUDITORS role in the Audit role field.
-
SEM_GUESTS role in the Guest role field.
-
SEM_MONITORS in the Monitor role field.
-
-
In the Duo Admin Panel, click the Duo groups drop-down menu and select the Duo group to map.
-
If you want to map additional SolarWinds Security Event Manager roles to Duo groups, click + next to the Duo groups drop-down menu.
-
Repeat steps 9, 10, and 11 for each additional SolarWinds Security Event Manager role you want to map, as required.
-
In the Duo Admin Panel, scroll down to the bottom of the page and click Save.
-
Return to SolarWinds Security Event Manager. Click Save. The "Enable SAML SSO?" pop-up window opens.
-
Click Enable.
Learn more about SolarWinds Security Event Manager SSO at SolarWinds Customer Success.
Using SSO
You can log on to SolarWinds Security Event Manager by navigating to your SolarWinds Security Event Manager SSO page e.g., https://192.168.11.123/webui/auth. Click Log in with SSO to be automatically redirected to Duo Single Sign-On to begin authentication.
Active Directory Login
With Active Directory as the Duo SSO authentication source, enter the primary username (email address) on the Duo SSO login page and click or tap Next.
Enter the AD primary password and click or tap Log in to continue.
Enable Duo Passwordless to log in to Duo SSO backed by Active Directory authentication without entering a password in the future.
SAML Login
The SAML login experience depends on your Duo SSO routing rules configuration.
With another SAML identity provider as the only enabled Duo SSO authentication source and the default routing rule in place, Duo SSO immediately redirects the login attempt to that SAML IdP for primary authentication. Users do not see the Duo SSO primary login screen.
If you have multiple enabled SAML authentication sources or custom routing rules in place, then users enter their primary username (email address) on the Duo SSO login page and then will be redirected to the correct external SAML identity provider.
Duo Authentication
Successful verification of your primary credentials by Active Directory or a SAML IdP redirects back to Duo. Complete Duo two-factor authentication when prompted and then you'll return to SolarWinds Security Event Manager to complete the login process.
* Universal Prompt experience shown.
You can also log into SolarWinds Security Event Manager using Duo Central, our cloud-hosted portal which allows users to access all of their applications in one spot. Link to SolarWinds Security Event Manager in Duo Central by adding it as an application tile. Once the tile has been added, log into Duo Central and click the tile for IdP-initiated authentication to SolarWinds Security Event Manager.
Congratulations! Your SolarWinds Security Event Manager users now authenticate using Duo Single Sign-On.
See the full user login experience, including expired password reset (available for Active Directory authentication sources) in the Duo End User Guide for SSO.
Grant Access to Users
If you did not already grant user access to the Duo users you want to use this application be sure to do that before inviting or requiring them to log in with Duo.
Enforce SSO
You can require that all users sign into SolarWinds Security Event Manager using Duo Single Sign-On.
-
Log into your SolarWinds Security Event Manager application as an administrator.
-
In the top-right corner of the page, click the gear icon. The "Settings" page opens.
-
In the sidebar menu, click AUTHENTICATION.
-
Click the LOGIN OPTIONS tab.
-
Under "SSO AUTHENTICATION", click the SSO only authentication toggle switch to ON. The "Enable SSO only authentication?" pop-up window opens.
-
Click Enable.
Enable Remembered Devices
To minimize additional Duo two-factor prompts when switching between SolarWinds Security Event Manager and your other Duo Single Sign-On SAML applications, be sure to apply a shared "Remembered Devices" policy to your SAML applications.
Automated Provisioning
This application does not support automated creation and management of users and groups from Duo using SCIM 2.0 provisioning.
Troubleshooting
Need some help? Try searching our Knowledge Base articles or Community discussions. For further assistance, contact Support.