Configure Single Sign-On Authentication

Cisco Secure Access supports Security Assertion Markup Language (SAML) for the authentication of administrators to the Secure Access console. An administrator signs in to Secure Access using Cisco Security Cloud Sign On (SCSO). Cisco Duo Security provides single sign-on (SSO) authentication of Secure Access administrators through SCSO.

Table of Contents


  • A valid Secure Access account. For more information, see Manage Accounts.

Add Your Organization's Identity Provider in Security Cloud Sign On

You can add an SAML identity provider (IdP) in SCSO for Secure Access. Once you add an IdP and provision user accounts in Security Cloud Sign On, administrators in your organization are not required to complete the Sign Up Now steps. For more information, see Cisco Security Cloud Sign On Identity Provider Integration Guide.

Add Administrators to Secure Access

A Cisco Secure Access administrator can add additional administrators to their Secure Access organization (Org) and assign a role to the new administrator's account. To establish an account, provide the email address of the new administrator and choose the Secure Access role for the account. For more information, see Manage Accounts.

When an administrator provisions a Secure Access account, an email is sent from Secure Access to the new administrator with the instructions to use SSO authentication to sign in to their Secure Access Org.

The new administrator has a Secure Access account and must create an SSO account through the Security Cloud Sign On (SCSO) portal. The email address in the Secure Access account must match the email address entered to create the SCSO account. The SCSO portal manages SSO authentication through an integrated IdP.


Configure SSO authentication for Secure Access through Cisco Security Cloud Sign On (SCSO).

  1. Navigate to your Secure Access organization at<org_number>.
    Secure Access uses single sign-on authentication through Security Cloud Sign On.
  2. In Security Cloud Sign On, enter the email address where you received the invitation to join a Secure Access organization.
    Your Secure Access account and the SCSO account must use the same email address.
  3. Click Sign up now and create an SCSO account.
    Secure Access sends you an invitation to create an SCSO account.
  4. Once you receive an email from Secure Access inviting you to create an SCSO account, click the link in the email and follow the instructions to set up your SCSO account with your IdP. For more information, see Security Cloud Sign On Quickstart Guide.
  5. Follow the steps to sign in to your Secure Access Org. For more information, see Sign In to Secure Access with Security Cloud Sign On.

Secure Access Single Sign-On Authentication > Configure Single Sign-On Authentication > Troubleshoot Single Sign On Authentication