Re: Suggestion on how to test SAML for a lower environment of Duo?

Gigawatt · ‎02-26-2024

Needing to test out "Remember devices for browser-based applications" - "Allow users to remember their device for X". Some our departments are saying they have to use Duo multiple times a day. Ours is currently set to 1 hour, but was thinking about bumping it up to 8 hours. Just didn't want to make this change in Prod.

Didn't know if there were some test SAML connections I could use.

Pulkit Mittal · ‎02-29-2024

I suggesting adding a group in AD with test user as yourself and creating a group policy for remember devices as below. Here I have created a test group with myself and remember device policy set to 8 hours.

Please mark this helpful if you are happy with the response.

Gigawatt · ‎03-07-2024

Sorry for the late reply. I was referring to setup a test SAML integration (Protect an Application >> Generic SAML Service Provider). I have Claims Xray setup, but didn't know if there are any connections I could test.

DuoKristina · ‎03-07-2024

We don't have a SAML sandbox. You would have to use your actual SSO.

However, @Pulkit Mittal actually gave you good advice. Create a Duo group that contains just a user whom you want to test the 8 hour policy against, create a test custom policy that sets remembered devices for browser apps to 8 hours, and then go to the details of an SSO app you have and apply a group policy targeting the test group and applying the test policy. Only that test user will get the 8 hour policy, and all other users still get the 1 hour policy. https://duo.com/docs/policy#create-and-apply-a-custom-group-policy

The test group for targeting the group policy only needs to be created in an external directory like AD and synced over if the test user you want to use is already managed by Duo directory sync.

Duo, not DUO.