Skip to main content
SSO with Duo Security

Steps to take to enable SAML SSO connection with Salto SP using Duo as MFA/IdP Proxy

Support avatar
Written by Support
Updated over a week ago

SSO is an Enterprise feature - If you are not an Enterprise customer, please contact

Cisco Duo Security is a Multi-factor Authentication service.

In order to establish a SAML-based SSO to Salto using Cisco Duo Security as the Identity Provider (or authentication proxy), you need to follow these steps in your Duo Security management:

  1. Obtain a unique Connection Name from Salto (via Support or your Customer Success rep), that will be used to identify your connections (usually hyphenated domain name, e.g. β†’ my-domain-com).

  2. Go to Applications β†’ Protect an Application β†’ Generic SAML Service Provider

    1. Enter a name (e.g. "Salto SSO")

  3. Continue to Configure β†’ Manually Enter

    • ACS URL:

    • Entity ID: urn:auth0:salto:REPLACE_ME

    • The REPLACE_ME should be replaced with the unique Connection Name from the first step

  4. Save the application

  5. Download XML and send to Salto

Let us know also the full list of domains where your users will be logging in from (e.g.,, etc.)

If you have partners that are going to work on your Salto account, we strongly recommend creating dedicated email addresses for them on your domain or sub-domain (e.g.

Did this answer your question?