Skip navigation
Product & Engineering

Duo Single Sign-On Bridge Attributes

Duo Single Sign-On (SSO) is a cloud-based service that provides secure access to your applications, without requiring multiple usernames and passwords. It’s a powerful tool for organizations that want to streamline their authentication process and improve security. But did you know that Duo SSO also comes with a feature called Bridge Attributes?

Bridge Attributes allows you to pass in an attribute from multiple Authentication Sources and “bridges” them to a single Duo SSO attribute name that can be easily referenced when mapping attributes to an application. When working with multiple domains, such as after an acquisition or with an internal test domain, Bridge Attributes ensures that you are sending the correct First Name attribute whether it is stored as [first.name], [NameFirst], or [GivenName] in your different directories. Today we’ll expand on this new feature and how it can enhance your Duo SSO experience.

How to use Bridge Attributes

Suppose your organization has different security clearance levels for employees, such as confidential, secret, and top secret. You may want to provide access to a classified application that requires users to have the appropriate security clearance level. Say that your organization has a kicker, though: The organization hosts multiple domains. Each domain may store the security clearance as a different attribute, with the value pointing back to the security clearance level. Using Duo SSO with Bridge Attributes, you would map these security clearance attributes from each domain to a shared attribute that the application can understand. This way, users with different security clearance levels in differing domains can be granted access to the application based on their security clearance no matter the domain they are coming from.

For example, you could map the security clearance level attribute for employees with confidential clearance to the database's "Confidential Access" attribute while mapping the security clearance level attribute for employees with secret clearance to the database's "Secret Access" attribute, and so on. By doing so, users with the appropriate security clearance level can access the database without manually assigning access rights for each user. This helps improve security by ensuring that only authorized users with the appropriate security clearance level can access the classified database as well as lowering the burden for domain administration.

If you use Duo SSO, you can utilize Bridge Attributes today! Here at Duo, we provide detailed documentation on how to set up Bridge Attributes, including how to create mappings between Duo attributes and attributes in your applications.

Duo Single Sign-On is a powerful tool for organizations that want to simplify their authentication process and improve security. With Bridge Attributes, you can map the user attributes that are passed from Duo SSO to your applications, giving you more control over access and improving security. By using Bridge Attributes you can customize your authentication system to meet your organization’s specific needs.