Onboarding and Self-Service

Duo Federated Authentication

Updated Feb 21, 2024

Configure Duo federated authentication for Arctic Wolf web portals

You can configure Duo® as a Federated Identity Management (FIM) source for Arctic Wolf® web portals.


  1. Add the OIDC application.
  2. Gather application and Duo SSO information.
  3. Configure the application properties.
  4. Provide your Duo credentials to Arctic Wolf.

Step 1: Add the OIDC application

  1. Sign in to the Duo Admin Panel.

  2. In the navigation menu, click Applications.

  3. Click Protect an Application.

  4. In the Applications list, find Generic OIDC Relying Party with a protection type of 2FA with SSO hosted by Duo (Single Sign-On), and then click Protect.

    The Duo Admin Panel opens the new application properties page.

Step 2: Gather application and Duo SSO information

  1. Sign in to the Duo Admin Panel.
  2. In the navigation menu, click Application.
  3. In the Metadata section, copy the Client ID, Client secret, and Issuer values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.
  4. In the Relying Party section, configure these settings:
    • Grant Type — Select the Authentication Code checkbox.
    • Sign-In Redirect URLs — Enter https://auth.arcticwolf.com/login/callback.
  5. In the OIDC Response section, for Scopes, select these checkboxes:
    • openid
    • profile
    • email
  6. Click Save.

Step 4: Provide your Duo credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Federated Authentication.

  5. Click OpenID Connect.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account. For example, enter Okta SSO or OneLogin ODIC Connector.

    • Issuer URL — Enter the Discovery URL value from the Metadata section of the application properties page.

    • Client ID — Enter the IdP-issued client ID.

    • Client Secret — Enter the IdP-issued client secret.

    • Domain Name — Enter your company email domain name.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  7. Click Test and Submit Credentials.

    Arctic Wolf automatically receives a ticket to complete the federated authentication setup. You receive a confirmation Zendesk email when the account setup is complete.

See also