==== Duo Access Gateway ====

__First you will need to set up your Duo Access Gateway__

As defined here: [[https://duo.com/docs/dag-generic#create-your-cloud-application-in-duo|DAG Create your cloud application in duo]].

Service Provider Name: NAA Access Anywhere

Entity ID: your Access Anywhere URL

Assertion Consumer Service: your Access Anywhere url + /saml.html

{{:dag_sp_setup.png}}

Send Attributes: All

a) Group name fix
There is an issue with the group name (when leveraging AD as the Directory backend). By default the results that come back are the DN and not the friendly name.

When you finish generating the json file you’ll edit to to update the memberof to look like so:

```
            "94": {
                "class": "core:AttributeAlter",
                "subject": "memberOf",
                "pattern": "/^CN=(.*?),.*/",
                "replacement": "${1}"
            },

```

Apply that json to your DAG.

__Update DAG to return displayName (and other attributes we need)__

We need to ensure that the display name is returned:

In the DAG under Authentication Source we can add displayName as one of the attributes to return:

{{:dag_authsources.png}}

__Gather info from DAG for NAAintegration__

Follow the steps as defined here: [[https://duo.com/docs/dag-generic#configure-your-service-provider|DAG - Configure Your Service Provider]]
This will give you URL/IDs/Certs needed for Access Anywhere Auth System Setup.

__Create Auth System in SME__

We’ll enter this data into Access Anywhere. Logged in as the Org Admin, in a package with SAML enabled, go to Organization> Auth Systems.

{{:dag_authsys1.png}}
{{:dag_authsys2.png}}

This will now allow your users to click the Duo Access Gateway login button the page and login through your DAG into Access Anywhere.