Enhance user authentication in Coefficient by integrating with Duo Single Sign-On (SSO), enabling IT and security teams to centrally manage and secure access across the organization.
Most organizations rely on Google Workspace or Microsoft for authentication, but Coefficient now also supports authentication through Duo SSO. With this integration enabled, all users must log in through your Duo SSO provider before accessing Coefficient. This ensures stronger security controls, improved access management, and a consistent login experience for your team.
*This feature is for Enterprise Plans Only*
Setting up Duo for Coefficient
ℹ️ NOTE: To use this feature, your Duo Admin/Coefficient Admin must first set this up for your domain. If you are unsure who your Duo Admin is, please contact your IT team for assistance.
Duo Configuration
1. From the Duo UI, click on "Applications" and "Applications Catalog" (under the Manage section).
2. Search for the term "generic" and click the "Add" button under "Generic OIDC Relying Party".
3. Under the Basic Configuration section, add your application name (e.g., Coefficient SSO) and select the "Enable only for permitted groups" option for User Access. We highly recommend enabling this for a select group of users in your domain to enhance security.
ℹ️ NOTE: If you haven't created your user groups, you can come back here once done. We recommend creating a Coefficient user group.
4. Scroll down under the "Metadata" section and copy the information for Client ID, Client Secret, and Issuer. These details will be used when you configure the SSO settings in Coefficient later.
5. Under the "Sign-In Redirect URLs", add: https://app.coefficient.io/api/oidc/login_callback
6. Make sure to check the "email" option under the OIDC Response section (this is a required setting).
Select <Email Address> for the IdP Attribute and email for the Claim dropdowns.
7. Depending on your organization’s settings, you may need to configure additional policy options. Otherwise, scroll to the bottom of the page and click "Save" to continue.
8. Congratulations on setting up your SSO settings in Duo. To continue with the configuration in Coefficient, please retrieve the Client ID, Client Secret, and Issuer URL under the Metadata section in Duo (you can go back to step 4 above).
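The settings from the steps above can be sanity-checked before enabling SSO. The following is an added example, not Coefficient's or Duo's code: it inspects the claims of an ID token from a test login and the registered redirect URLs, applying the standard OIDC checks on `iss`, `aud` and `exp` plus the required `email` claim. The issuer, client ID and token are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
import time

# Sign-In Redirect URL from step 5 of the Duo configuration.
EXPECTED_REDIRECT = "https://app.coefficient.io/api/oidc/login_callback"

# Constructed sample values (placeholders, not real Duo metadata).
ISSUER = "https://sso.example.invalid/oidc/EXAMPLE_CLIENT_ID"
CLIENT_ID = "EXAMPLE_CLIENT_ID"

def sample_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"

def decode_claims(id_token):
    """Read the payload of an ID token without verifying its signature.
    Inspection only: a relying party must also verify the signature."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_setup(issuer, client_id, redirect_urls, claims, now=None):
    """Return a list of findings; an empty list means nothing looks wrong."""
    now = time.time() if now is None else now
    findings = []
    if EXPECTED_REDIRECT not in redirect_urls:  # exact string match
        findings.append("redirect URL missing or not an exact match")
    if claims.get("iss") != issuer:
        findings.append("'iss' differs from the configured Issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        findings.append("'aud' does not contain the Client ID")
    if claims.get("exp", 0) <= now:
        findings.append("token is expired")
    email = claims.get("email")
    if not isinstance(email, str) or "@" not in email:
        findings.append("'email' claim missing; check the OIDC Response mapping")
    return findings

if __name__ == "__main__":
    good = {"iss": ISSUER, "aud": CLIENT_ID, "exp": 2_000_000_000,
            "email": "user@example.com"}
    print(check_setup(ISSUER, CLIENT_ID, [EXPECTED_REDIRECT],
                      decode_claims(sample_token(good)), now=1_700_000_000))
```

A trailing slash on the redirect URL or the Issuer is enough to produce a finding, since both are compared as exact strings.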
Coefficient Configuration
1. Open the Coefficient Sidebar and click Menu.
2. Select "My Workspace".
3. The My Workspace page will open in a new tab. Click "Settings" at the bottom left corner.
4. Click on the "Manage admin settings" link.
5. Click "Configure" under SSO Authentication.
6. Select "Duo" as your SSO Authentication Provider and input the Issuer URL, Client ID, and Client Secret (Go back to step 4 of the Duo Configuration steps above).
7. Click on "Test SSO Credentials" and log in to Duo using your email address on the other tab. You will see a "Validated successfully" message on this screen, indicating that your configuration is correct. Hit "Save".
8. Next, you will be prompted to enable SSO for Duo. Please click "Yes, enable".
9. Keep the current window open and ensure you see the message confirming that Duo SSO has been successfully saved and configured for your domain.
10. To verify the setup, open a new incognito browser window and go to the Coefficient Workspace (https://app.coefficient.io). You should be prompted to sign in with Duo. Click the "Sign in with Duo" button and complete the login process.
11. A successful login confirms that you have successfully configured your Coefficient and Duo integration! Congratulations 🎉
ℹ️ NOTE: Here is a screenshot of what your user(s) will see when Duo is configured/enabled for your org.
Managing access to Coefficient
Granting access to Coefficient
To give a user in your organization access to Coefficient, assign them to the "Coefficient" group you have set up in Duo.
Revoking access to Coefficient
To revoke a user's access to Coefficient, simply remove them from the "Coefficient" group that you have set up in Duo.
FAQs for SSO with Duo
How can I access this feature?
This feature is currently supported for users on the Enterprise plan with Coefficient. Please have your Coefficient Admin reach out to support@coefficient.io for further assistance.
I am the domain administrator and have already configured Coefficient with Duo SSO, but I don’t see the Duo login option. What should I do?
The Duo sign-in option will only be available for non-admin users after you configure it. To test the Duo SSO for your domain, please use a non-admin account or have a user log in through the Coefficient Workspace here. If you encounter any issues, please reach out to support@coefficient.io for further assistance.
Can a user log out of Coefficient via Duo?
Users will not be able to log out of Coefficient via Duo. Users using the SSO with Duo will see a log-out option within the Coefficient sidebar.
What should I do if I encounter an error?
Most of the time, an error indicates a misconfiguration in your Duo SSO setup. To resolve this, return to your Duo SSO configuration and disable the "Enable SSO Authentication" toggle to prevent being locked out of Coefficient. Then, contact support@coefficient.io for further assistance.
Are there any required settings I should note when configuring Duo?
Under the OIDC Response section, you need to ensure that the "email" box is checked and select <Email Address> for the IdP Attribute and "email" for the Claim dropdown options.