Do I need to configure Global > Service Provider > IdP?
I’m hoping someone can enlighten me with the instructions or docs on how to set this up. I would greatly appreciate it.
If I understood your requirement correctly, you want to use pass-through authentication using “Active Directory” and also enable Cisco Duo as MFA for users signing into your SailPoint ISC tenant.
But if you are trying to configure SSO using Entra ID as the IdP and want Cisco Duo as external MFA, this YouTube video might be helpful: https://youtu.be/o3SAv2iabcw?si=XZitWobEdJ1_CYoD. You then have to configure the “Service Provider” in Security Settings as you mentioned.
Yes, a similar one. If you enable “Multifactor Authentication” in the Identity Profile with target users, SailPoint does not restrict which MFA tool you can use. All users in that Identity Profile would be required to set up an authenticator app, and you can guide the users to use the “Duo Mobile” app.
Note: The end user can still configure Google Authenticator or any other authenticator if he/she wants. Also, there would not be any push notifications; the user has to open the authenticator app/Duo Mobile and type/copy the code that is refreshed every 30 seconds.
I understand it would be way better for the user experience if a prompt/push notification were possible at sign-in, like the “two-factor authentication” during password reset.