Add SSO Authentication Profiles

After you provision users and groups in Cisco Secure Access with a provisioning identity provider (IdP), you can configure the integration of a single sign-on (SSO) authentication identity provider (IdP). Secure Access supports Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) to authenticate users.

This guide describes how to add SSO authentication profiles for the integration of user authentication IdPs in Secure Access.

Table of Contents

• Prerequisites
• Requirements for Configuring SSO Authentication Profiles
• About the Default Provisioning Profile
• Procedure
• View User Authentication Profiles

Prerequisites

• Full Admin user role. For more information, see Manage Accounts.

Requirements for Configuring SSO Authentication Profiles

When you add an SSO authentication profile in Secure Access, you must assign one of the user directories (integrated cloud provisioning IdPs) with the profile. You can associate a user directory that is not already assigned to an SSO authentication profile. For more information, see Manage User Directories.

About the Default Provisioning Profile

If you previously integrated an SSO IdP that supported SSO authentication but Secure Access did not have the option to assign a user directory to the integration, Secure Access will associate the Default Profile for this integration.

The Default Profile describes the integration of an existing IdP in Secure Access using the organization's ID and the SCIM token that you generated for the IdP integration.

Procedure

Add an SSO authentication profile for the integration of a user authentication IdP in Secure Access.

1. Navigate to Connect > Users and User Groups, and then click Configuration management.

   

2. Navigate to SSO authentication, and then click Add SSO authentication.

   

3. For SSO Authentication Name, enter a unique name for the SSO authentication profile.

   

4. For Authentication Method, click Security Assertion Markup Language (SAML) or OpenID Connect (OIDC).

   

5. For User Directory, choose the directory for the cloud IdP that provisions the users and groups.

   

6. Click Next.

7. For IdP Authentication, follow the steps in the OIDC or SAML configuration guides to complete the integration of the SSO authentication IdP.

   • For more information, see Configure Integrations with OIDC Identity Providers.
   • For more information, see Configure Integrations with SAML Identity Providers.

8. Click Done.

View SSO Authentication Profiles

1. Navigate to Connect > Users and User Groups, and then click Configuration management.

   

2. Navigate to SSO authentication.
   Secure Access lists the configured SSO authentication profiles.

   

Manage User Authentication Profiles > Add SSO Authentication Profiles < About Single Sign-On for Users