# Duo

Use these instructions to set up Duo as your SSO provider for Tonic Structural.

## **Duo configuration** <a href="#sso-duo-configuration" id="sso-duo-configuration"></a>

To indicate to use Duo as an SSO provider for Structural:

1. On the **Applications** page, click **Add application**.

<figure><img src="https://3378426797-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSQCLFQ4bslJ-HYc8c3%2Fuploads%2F1hkS6lfcfQMpYedhBI4N%2FDuoSSOApplications.png?alt=media&#x26;token=fe8822a7-4950-497e-8766-75326b83f6ae" alt=""><figcaption><p>Applications list in Duo</p></figcaption></figure>

2. In the application types list, click **Web SDK**.

<figure><img src="https://3378426797-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSQCLFQ4bslJ-HYc8c3%2Fuploads%2FMyshuf1AF1fEb0kyJkD4%2FDuoSSOApplicationTypes.png?alt=media&#x26;token=b26b7050-a5c5-4d83-8cff-2ae246f0b67e" alt=""><figcaption><p>Application types for Duo</p></figcaption></figure>

3. On the application details page, configure the application.

<figure><img src="https://3378426797-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSQCLFQ4bslJ-HYc8c3%2Fuploads%2F4QcUDD4rIvOOLiMkjf1P%2FDuoSSOApplicationDetails.png?alt=media&#x26;token=8ace7fb4-10c8-44fa-a2f1-af21307c8752" alt=""><figcaption><p>Application details</p></figcaption></figure>

You will use the following values in the Structural configuration:

* **Client ID -** The client identifier for Web SDK.
* **Client secret -** The client secret for Web SDK.
* **API hostname -** The Duo domain, which is essentially the URL to your Duo instance: `admin-<identifier>.duosecurity.com`.

## Structural **configuration** <a href="#sso-duo-tonic-configuration" id="sso-duo-tonic-configuration"></a>

To configure Duo SSO, use the following [environment settings](https://docs.tonic.ai/app/admin/environment-variables-setting).

* `TONIC_SSO_PROVIDER` -  `Duo`
* `TONIC_SSO_CLIENT_ID` - The client ID for Web SDK. This is the value of **Client ID**.
* `TONIC_SSO_CLIENT_SECRET` - The client secret for Web SDK. This is the value of **Client secret**.
* `TONIC_SSO_DOMAIN` - The Duo domain. This is the value of **API hostname**.
* `TONIC_SSO_GROUP_FILTER_REGEX` - Identifies the allowed groups for Structural. For details, go to [sso-limit-groups](https://docs.tonic.ai/app/admin/tonic-user-access/single-sign-on/sso-limit-groups "mention").