Secure Access Single Sign-On Authentication

Cisco Secure Access DNS Defense supports Security Assertion Markup Language (SAML) for the authentication of administrators to the Secure Access console. An administrator signs in to Secure Access from Cisco Security Cloud Sign On (SCSO). Cisco Duo Security or the IdP that you integrated with Security Cloud Sign On provides single sign-on (SSO) authentication of Secure Access administrators through SCSO. For more information, see Cisco Security Cloud Sign On Identity Provider Integration Guide.

To sign in to Secure Access DNS Defense, an administrator must have a Secure Access DNS Defense account and configure single sign-on authentication in SCSO. A Secure Access DNS Defense administrator signs in to SCSO, authenticates to the IdP, and then automatically signs in to Secure Access DNS Defense.

Any changes made in your organization's SAML identity provider (IdP) are synced with Secure Access DNS Defense. If you update an account or change a password in the IdP, the changes are immediately reflected in your login. Only the username (email address) is stored in Secure Access DNS Defense. You must sign in to Secure Access DNS Defense with the same email address that you configured in your SCSO account. For more information, see Security Cloud Sign On Quickstart Guide.

Note: You can only use SCSO to authenticate your login to Secure Access DNS Defense. The IdP that you set up in SCSO does not authorize an administrator's permissions to read, create, or update resources on Secure Access DNS Defense. A Secure Access role defines the permissions on the Secure Access account. For more information about user roles, see Manage Accounts.

