# Duo Use these instructions to set up Duo as your SSO provider for Tonic Structural. ## **Duo configuration** To indicate to use Duo as an SSO provider for Structural: 1. On the **Applications** page, click **Add application**.

2. In the application types list, click **Web SDK**.

3. On the application details page, configure the application.

You will use the following values in the Structural configuration: * **Client ID -** The client identifier for Web SDK. * **Client secret -** The client secret for Web SDK. * **API hostname -** The Duo domain, which is essentially the URL to your Duo instance: `admin-.duosecurity.com`. ## Structural **configuration** To configure Duo SSO, use the following [environment settings](/app/admin/environment-variables-setting.md). * `TONIC_SSO_PROVIDER` - `Duo` * `TONIC_SSO_CLIENT_ID` - The client ID for Web SDK. This is the value of **Client ID**. * `TONIC_SSO_CLIENT_SECRET` - The client secret for Web SDK. This is the value of **Client secret**. * `TONIC_SSO_DOMAIN` - The Duo domain. This is the value of **API hostname**. * `TONIC_SSO_GROUP_FILTER_REGEX` - Identifies the allowed groups for Structural. For details, go to [Synchronizing SSO groups with Structural](/app/admin/tonic-user-access/single-sign-on/sso-limit-groups.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.tonic.ai/app/admin/tonic-user-access/single-sign-on/sso-duo.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.