Configure Cisco Duo federated authentication for Arctic Wolf web portals

You can configure Cisco Duo® as a Federated Identity Management (FIM) source for Arctic Wolf® web portals.

These resources are required:

  • Administrator permissions for the Arctic Wolf Unified Portal.

    You must be a primary or secondary contact. If you require this level of access, submit your request to a primary or secondary contact in your organization.

These actions are required:

  • Allowlist all necessary IP addresses. To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.

Add the OIDC application

  1. Sign in to the Duo Admin Panel.
  2. In the navigation menu, click Applications.
  3. Click Protect an Application.
  4. In the Applications list, find Generic OIDC Relying Party with a protection type of 2FA with SSO hosted by Duo (Single Sign-On), and then click Protect.

    The Duo Admin Panel opens the new application properties page.

Gather application and Duo SSO information

  1. Sign in to the Duo Admin Panel.
  2. In the navigation menu, click Application.
  3. In the Metadata section, copy the Client ID, Client secret, and Discovery URL values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.
  4. In the Relying Party section, configure these settings:
    • Grant Type — Select the Authentication Code checkbox.
    • Sign-In Redirect URLs — Enter https://auth.arcticwolf.com/login/callback.
  5. In the OIDC Response section, for Scopes, select these checkboxes:
    • openid
    • profile
    • email
  6. Click Save.

Provide your Cisco Duo credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Federated Authentication.
  3. Click Submit New Credentials .
  4. Configure these settings:
    • Account Name — Enter a unique and descriptive name for the account.
    • Issuer URL — Enter the Discovery URL value from the Metadata section of the application properties page.
    • Client ID — Enter the IdP-issued client ID.
    • Client Secret — Enter the IdP-issued client secret.
    • Domain Name — Enter your company email domain name.
    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.
  5. Click Submit Credentials.
  6. To apply the configuration:
    1. When prompted to sign out of the Unified Portal, click Confirm and Logout.
    2. Sign in to the Unified Portal through your identity provider (IdP).