NOTE: You will need SnapStream version 9.3 or higher for this to work properly.
To configure your SnapStream to use DUO SSO you will need to head to the Admin tab select the Security drop-down menu and click on Config. For External Authentication select SAML 2.0. Keep note of the SAML ACS URL as you will need it when in the DUO Application.
Head to your DUO Dashboard and select Applications --> Protect an Application. In the search bar, type in SAML - Service Provider. and click Protect this Application.
Type in the following
Service Provider name: SnapStream
Entity ID: snapstream
Assertion Consumer Service: SAML ACS URL given to you in the SnapStream Security Config page
Add two MAP attributes
Idp Attribute: memberof
SAML Response Attribute: Group.Name
Idp Attribute: mail
SAML Response Attribute: User.Email
Once that is done, you can leave the other fields as is and click Save Configuration.
You will need to download the configuration file (.json).
Next head to your DUO Access Gateway.
Click on the Choose File button in the Add Application section and upload the configuration file that was just downloaded.
Once uploaded, the SAML application is added.
You will then need the metadata which can be found at the bottom of the "Application" page.
Copy the Metadata information to the SnapStream Security config page.
SAML Certificate into the SAML Certificate
Entity ID = SAML Issuer (https://example.com/dag/saml12/idp/idp/SSOService.php)
SSO URL = SAML Endpoint (https://example.com/dag/saml12/idp/idp/metadata.php)
NOTE: For SAML Endpoint you will need to add the following at the end of the url
?spentityid=snapstream
and click save.
You will then need to head to groups and click the Edit icon for the group you want SSO applied to. In the Linked SAML Groups section enter the DUO group info. The group info should look similar to this:
CN=Example,OU=Example,DC=example,DC=example