Log in to the Duo Admin Panel and click Protect an Application in the navigation bar on the left.
Locate the entry for Generic Service Provider with a protection type of "2FA with SSO hosted by Duo (Single Sign-On)" in the applications list. Click Protect to the far-right to start configuring Generic Service Provider
The Download section is where you can download the SAML metadata file to upload into your SSO provisioning method.
Back on the Keeper Admin console, locate your DUO SSO Connect Cloud Provisioning method and select Edit.
Scroll down to the Identity Provider section, set IDP Type to GENERIC, select Browse Files and select the DUO Metadata file previously downloaded.
Still within the Keeper Admin Console, exit Edit View and select View on your DUO SSO Connect Cloud Provisioning method. Within the Service Provider section you will find the metadata values for the Entity ID, IDP Initiated Login Endpoint and Assertion Consumer Service (ACS) Endpoint.
Return to the application page in your Duo Admin Panel, copy and Paste the Entity ID, Login Endpoint and ACS Endpoint into the Service Provider section.
Within the SAML Response section, scroll down to Map attributes and map the following attributes.
Within the Policy section, defines when and how users will authenticate when accessing this application. Your global policy always applies, but you can override its rules with custom policies.
Within the Global Policy section, Review / Edit / Verify any Global Policy as seen by your DUO and or Keeper administrator.
Within the Settings section, Name the application Keeper Security EPM - Single Sign-On. All other settings are set as seen by your DUO and or Keeper administrator.
At the very bottom of the page, click on Save to save the protected application settings.