How can we help?

SSO Configuration

1. Log on to the Duo Admin Panel and navigate to Applications.
2. Open the Doximity application and configure the following settings:
   • Name:  Use organizational naming conventions
   • Application Type: Generic SAML Service Provider
   • User Access: Enable only for permitted groups OR Enable for all users
3. Under the “Metadata” section, go to the Metadata URL and select the Copy button. Please send that your Doximity technical resource.
4. Under the Service Provider section, configure the following settings:
   • Metadata Discovery: None (manual input)
   • Entity ID: https://sso-connect.doximity.com
   • Assertion Consumer Service (ACS) URL: https://sso-connect.doximity.com/auth/saml/organization_identifier - unique URL to provided by Doximity technical resource
   • Single Logout URL, Service Provider Logout URL and Default Relay State are all optional and can be left blank. 
5. Under the SAML Response section, configure the following settings: 
   • NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format.email/Address
   • NameID attribute: <Email Address>
   • Signature Algorithm: SHA526
   • Signing Options: check both “Sign response” and “Sign assertion”
   • Encrypt SAML Assertion (optional): Doximity supports SAML Assertion encryption. Please work with your Doximity technical resource to receive the certificate. 
   • Attributes: Map per table below. 

   • IDP Attribute	SAML Response Attribute
     <Display Name>	name
     <Email Address>	mail
     <First Name>	first_name
     <Last Name>	last_name
     <Username>	sAMAccountName

• Create Attributes, Role Attributes, and Attribute Transformations can be left blank. 

6. Configure the Universal Prompt and Policy section as appropriate for your organization and similar applications.

Provisioning Configuration

1.  Navigate to Provisioning page
2. Under the Authentication section, configure following settings:
   • Authentication mode: Bearer token
   • Base URL: https://sso-connect.doximity.com/scim_v2
   • Token: Please work with your Doximity technical resource to receive the token via secure method. 
3. Click Connect to application and validate sucessful connection
4. Under Attribute Mapping: Map per table below

   • Duo User Attribute	Application Attribute
     UserName	userName

5. Click Save and enable to turn on provisioning.

For more information, please refer to the following two Duo support pages:

• Duo Single Sign-On for Generic SAML Service Providers
• Automated Provisioning