Introduction
This document describes how to integrate Cisco Secure Email Encryption Service, formerly known as Cisco Registered Envelope Service (CRES), with Duo.
Prerequisites
Requirements
Components Used
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Configure
Step 1. Log in to Duo Admin Panel https://admin.duosecurity.com/
Step 2. Navigate to Applications
Step 3. Select Protect Application
Step 4. Select Generic SAML Service Provider and Protect
Step 5. Copy the Single Sign-On URL
Step 6. Select Download Certificate
Step 7. Select Download XML
Step 8. Under Service Provider -> Entity ID *, type https://res.cisco.com/
Step 9. Under Service Provider -> Assertion Consumer Service (ACS) URL *, type https://res.cisco.com/websafe/ssourl
Step 10. Scroll down to Settings -> Name, type the title of your new application, and select Save, as shown in the image:
Step 11. Log in to the CRES portal https://res.cisco.com/admin/
Step 12. Navigate to the Accounts tab and select the hyperlink for your Account Number
Step 13. Under the Details tab select Authentication Method -> SAML 2.0
Step 14. Leave SSO Alternate Email Attribute Name blank
Step 15. For SSO Service Provider Entity ID, type https://res.cisco.com/
Step 16. For SSO Customer Service URL, paste the URL you copied in Step 5
Step 17. Leave SSO Logout URL blank
Step 18. For Current Certificate SSO Identity Provider Verification Certificate, select Choose File and use the certificate downloaded in Step 6, as shown in the image:
Step 19. Log in to Azure portal https://portal.azure.com/
Step 20. Navigate to Azure Active Directory -> Enterprise Applications -> New application -> Create your own application
Step 21. Name your application and select Integrate any other application you don't find in the gallery (Non-gallery) -> Create
Step 22. Select Assign users and groups and add the users you want to have access to CRES and select Assign
Step 23. Select Single sign-on -> SAML -> Upload metadata file, and select the file downloaded in Step 7, as shown in the image:
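A consistency check for the values handled in Steps 5 to 18, as an added example that is not part of the original Cisco document: it confirms that the URL pasted in Step 16 and the certificate uploaded in Step 18 match the XML downloaded in Step 7, and that the Entity ID and ACS URL are exactly the strings given in Steps 8, 9 and 15. It assumes the Step 7 file is SAML 2.0 IdP metadata; the function names, the sample IdP URL and the placeholder certificate bytes are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SP_ENTITY_ID = "https://res.cisco.com/"               # Steps 8 and 15
SP_ACS_URL = "https://res.cisco.com/websafe/ssourl"   # Step 9

def fingerprint(cert_text):
    """SHA-256 over the DER bytes of a PEM or bare-base64 certificate."""
    b64 = re.sub(r"-----[A-Z ]+-----|\s", "", cert_text or "")
    return hashlib.sha256(base64.b64decode(b64, validate=True)).hexdigest()

def check_config(metadata_xml, cert_pem, sso_url, entity_id, acs_url):
    """Return a list of mismatches; an empty list means the values agree."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["metadata has no IDPSSODescriptor"]
    problems = []
    locations = {e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    if sso_url not in locations:
        problems.append("Step 16 URL is not a SingleSignOnService Location in the XML")
    if not sso_url.startswith("https://"):
        problems.append("SSO URL is not HTTPS")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    signing = {fingerprint(c.text) for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")
               for c in kd.findall(".//ds:X509Certificate", NS)}
    if fingerprint(cert_pem) not in signing:
        problems.append("Step 18 certificate is not a signing certificate in the XML")
    if entity_id != SP_ENTITY_ID:   # exact string match, trailing slash included
        problems.append("Entity ID differs from " + SP_ENTITY_ID)
    if acs_url != SP_ACS_URL:
        problems.append("ACS URL differs from " + SP_ACS_URL)
    return problems

# Constructed sample input: placeholder bytes stand in for a real certificate,
# and the IdP URLs use the reserved .invalid domain.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_SSO = "https://idp.example.invalid/sso"
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_XML = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.invalid/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_B64}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="{SAMPLE_SSO}"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Call check_config with the contents of the files from Steps 6 and 7 and the strings entered in the portals; any returned message names the step to recheck.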
Verify
Step 1. Log in to the CRES portal https://res.cisco.com/websafe/, as shown in the image:
Step 2. Use the passkey for Duo, as shown in the image:
Step 3. Once you set the proper passkey, you can log in successfully to the CRES portal, as shown in the image:
Common Errors
1. If the user is not assigned under Users and Groups in the Enterprise Application, you get this error, as shown in the image:
2. If the user is removed from Users in the Duo Admin Panel, you get this error, as shown in the image:
3. If the user is not enrolled in the Duo Admin Panel, you get this error, as shown in the image: