Summary

This short series of steps enables Cisco Duo admins to connect their Duo instances to Bigeye for single sign on. Bigeye supports connection via OpenID Connect (OIDC). Upon completion, your employees will be able to login to Bigeye via Duo.

📘

Note - substitute the email domain values

Make sure to enter the same <domain> value throughout this process. The domain will be the email domain of your users such as example.com. If you have more than one domain, it is recommended to set up more than one connection inside of Bigeye.

📘

Note - your Bigeye URL may be different

If you use a Bigeye URL that is different from app.bigeye.com, please substitute your Bigeye URL while performing the steps of this configuration.


Part 1: In your Duo instance, set up a new application for Bigeye.

  1. As a Duo administrator, we recommend following your OIDC application process, such as the setup process documented by Duo
  2. You will need the following information to connect to Bigeye:
    1. Scopes: openid, profile, email, and offline_access
    2. Login Redirect URL: https://app.bigeye.com/sso/<domain>
  3. You will need to collect the following information from Duo during the setup process:
    1. The Discovery URL, or the URL to the OpenID Connect Discovery Document. When submitting to Bigeye, you do not need to input the end of the path starting with .well-known
    2. Client ID
    3. Client Secret

Part 2: Configure Bigeye to integrate with Duo

To configure Bigeye to send your users to Duo:

  1. Go to https://app.bigeye.com/settings/single-sign-on
  2. Click New Connection
  3. Set the following values:
    1. Single sign-on provider: OpenID Connect (OIDC)
    2. Domain: your email domain (e.g. example.com). After this connection is activated, all email addresses for this email domain will be forwarded to your identity provider.
    3. Connection name: your email domain (e.g. example.com). This is an identifier used by Bigeye and your identity provider when they interact.
    4. Issuer URL: this is the URL that provides information about your OpenID Connect endpoints and which parameters are accepted. This URL should be accessible over the network that connects to Bigeye. Bigeye will append .well-known/openid-configuration to the URL you provide.
    5. Client ID and Client Secret as configured by your identity provider
  4. Click Save

Once the connection is saved, all logins for the domain specified will be validated by your identity provider. We highly recommend doing the following to verify your connection:

  1. Log in inside of another browser to verify that you can log in. If you are not able to log in, you may delete the Single Sign-on Connection inside of Bigeye to prevent other users from being locked out.
  2. Verify in your identity provider that the correct users are added to the applicable membership groups for Bigeye.
Configuration dialog for a new single sign-on connection

Configuration dialog for a new single sign-on connection


What’s Next