SAML With Duo Access Gateway

I am testing SAML with Duo Access Gateway on Nextcloud 16.0.4.

I have LDAP integration and users imported from Active Directory. I am setting up SAML for DUO to enforce Dual Factor authentication. The Duo gateway handles authenticating AD and the DUO second factor, then sends the response back to Nextcloud.

So far i am redirected to the IDP to authenticate and then am redirected to the Nextcloud instance. I get the message “Account not provisioned, your account is not provisioned, access to this service thus not possible.”

when i look at the logging tab in the admin page I see “Auto Provisioning not allowed and user does not exist”

below is a screenshot of my config in Nextcloud. I have also tried different UID attributes like mail,UID,and sAMAccountName

When i look at the users tab the usernames appear to be randomly generated UIDs.

My end goal is to have the users synced from AD and then authenticated via SAML. Any help is appreciated. Since i have not seen anyone else document a duo implementation, I am hoping to create a guide for it as well.