Skip navigation
Documentation

Duo Access Gateway

Duo Access Gateway adds two-factor authentication, complete with inline self-service enrollment and Duo Prompt, to popular cloud services like Salesforce and Google Apps using SAML 2.0 federation.

Overview

Duo Access Gateway secures access to cloud applications with your users’ existing directory credentials (like Microsoft Active Directory or Google Apps accounts) using the Security Assertion Markup Language (SAML) 2.0 authentication standard. SAML delegates authentication from a service provider to an identity provider, and is used for single sign-on (SSO) solutions.

Duo provides SAML connectors for enterprise cloud applications like Google Apps, Amazon Web Services, Box, Salesforce and Microsoft Office 365. See the full list of named cloud applications here. We also offer a generic SAML application you can use with any SAML 2.0 service provider.

Protected cloud applications redirect your users to the Duo Access Gateway server on your network. Your identity provider handles primary authentication, and Duo provides secondary authentication.

Duo Access Gateway is part of the Duo Beyond, Duo Access, and Duo MFA plans.

Duo Access Gateway supports local Active Directory (AD) and OpenLDAP directories as identity sources, as well as on-premises or cloud SAML IdPs.

Duo Access Gateway SAML Login Workflow

You can also use the Duo Access Gateway with Azure and Google directories or third-party IdPs hosted in the cloud.

Duo Access Gateway SAML Login Workflow

Define Duo policies that enforce unique controls for each individual SSO application. For example, you can require that Salesforce users complete two-factor authentication at every login, but only once every seven days when accessing Google Apps. Duo checks the user, device, and network against an application's policy before allowing access to the application.

Once you deploy Duo Access Gateway with multiple service providers you can opt to minimize repeated Duo authentication prompts when switching between your SAML applications with shared remembered device policies for SSO.

Duo Access Gateway for Windows

Duo Access Gateway runs as an IIS virtual site on Windows Server 2012, 2012 R2, and 2016. See the Duo Access Gateway Windows documentation for system requirements and installation instructions.

Duo Access Gateway for Linux

Duo Access Gateway runs in a Docker container on most modern Linux distributions. See the Duo Access Gateway Linux documentation for system requirements and installation instructions.

Ready to Get Started?

Sign Up Free