First you will need to set up your Duo Access Gateway

As defined here: DAG Create your cloud application in duo.

Service Provider Name: NAA Access Anywhere

Entity ID: your Access Anywhere URL

Assertion Consumer Service: your Access Anywhere url + /saml.html

Send Attributes: All

a) Group name fix There is an issue with the group name (when leveraging AD as the Directory backend). By default the results that come back are the DN and not the friendly name.

When you finish generating the json file you’ll edit to to update the memberof to look like so:

            "94": {
                "class": "core:AttributeAlter",
                "subject": "memberOf",
                "pattern": "/^CN=(.*?),.*/",
                "replacement": "${1}"
            },

Apply that json to your DAG.

Update DAG to return displayName (and other attributes we need)

We need to ensure that the display name is returned:

In the DAG under Authentication Source we can add displayName as one of the attributes to return:

Gather info from DAG for NAAintegration

Follow the steps as defined here: DAG - Configure Your Service Provider This will give you URL/IDs/Certs needed for Access Anywhere Auth System Setup.

Create Auth System in SME

We’ll enter this data into Access Anywhere. Logged in as the Org Admin, in a package with SAML enabled, go to Organization> Auth Systems.

This will now allow your users to click the Duo Access Gateway login button the page and login through your DAG into Access Anywhere.