Configure Duo as the IdP for Umbrella SWG SAML

Available Languages

Download Options

  • PDF     (5.7 KB)
    View with Adobe Reader on a variety of devices
Updated:September 23, 2025
Document ID:224932

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

      

    Introduction

    This document describes how to set up Duo as your identity provider for Umbrella SWG SAML.

    Configuring Duo fo SAML

    In the Duo Admin Portal:

    1. Go to Applications > Protect an Application
    2. Search for “Generic Service Provider” and select “2FA with SSO self - hosted"
    3. Set Entity ID to: saml.gateway.id.swg.umbrella.com
    4. Set Assertion Consumer Service: https://gateway.id.swg.umbrella.com/gw/auth/acs/response
    5. Click Save Configuration
    6. Download the configuration JSON file from the top of the page
    7. Install the Duo Access Gateway: https://duo.com/docs/dag
    8. Import the JSON file from step 7 into the DAG Web UI > Applications
    9. Download the DAG Metadata xml file from the DAG Web UI

    On the Umbrella Dashboard:

    1. Go to Deployments > Configuration > SAML Configuration > Add
    2. Select Duo Security as the SAML Provider and click NEXT
    3. Select XML File Upload and click NEXT
    4. Upload the Duo Access Gateway Metadata file downloaded in step 10
    5. Click NEXT
    6. Set the re-authenticate users period to your required time
    7. Test the configuration and save
    tip-icon

    Tip: Do not need to download the Umbrella Metadata file.

    Revision History

    Revision Publish Date Comments
    1.0
    23-Sep-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products