NOTE: You will need SnapStream version 9.3 or higher for this to work properly.

To configure your SnapStream to use DUO SSO you will need to head to the Admin tab select the Security drop-down menu and click on Config. For External Authentication select SAML 2.0. Keep note of the SAML ACS URL as you will need it when in the DUO Application.

Head to your DUO Dashboard and select Applications --> Protect an Application. In the search bar, type in SAML - Service Provider. and click Protect this Application.

Type in the following

Service Provider name: SnapStream

Entity ID: snapstream

Assertion Consumer Service: SAML ACS URL given to you in the SnapStream Security Config page

Add two MAP attributes

Idp Attribute: memberof 

SAML Response Attribute: Group.Name

Idp Attribute: mail

SAML Response Attribute: User.Email

Once that is done, you can leave the other fields as is and click Save Configuration.

You will need to download the configuration file (.json).

Next head to your DUO Access Gateway.

Click on the Choose File button in the Add Application section and upload the configuration file that was just downloaded.

Once uploaded, the SAML application is added.

You will then need the metadata which can be found at the bottom of the  "Application" page.

Copy the Metadata information to the SnapStream Security config page.

SAML Certificate into the SAML Certificate 

Entity ID = SAML Issuer (https://example.com/dag/saml12/idp/idp/SSOService.php)

SSO URL = SAML Endpoint (https://example.com/dag/saml12/idp/idp/metadata.php)

NOTE: For SAML Endpoint you will need to add the following at the end of the url

?spentityid=snapstream 

and click save.

You will then need to head to groups and click the Edit icon for the group you want SSO applied to. In the Linked SAML Groups section enter the DUO group info. The group info should look similar to this:

CN=Example,OU=Example,DC=example,DC=example