Integrate Cisco Identity Intelligence with Secure Access

Cisco Identity Intelligence is an AI-powered solution that addresses user identity fragmentation. Fragmentation occurs when an organization relies on multiple identity sources, including:

• Traditional Identity Providers (IdPs), such as Entra ID (formerly Azure AD), Duo, and Okta.
• Non-traditional sources, such as Github, Google, and Salesforce.
• HR systems, such as Workday.

Fragmented identities complicate user trust assessment, consistent policy enforcement, and breach detection. Identity Intelligence continuously monitors user identities, behaviors, and access patterns to detect anomalies and enforce adaptive security policies, mitigating unauthorized access risks.

Identity Intelligence is available as a shared Cisco service through Cisco Security Cloud Control. Security Cloud Control is a platform for managing your Cisco security products. By connecting your IdPs to Security Cloud Control, a unified identity context becomes available to Cisco products such as Secure Access, Cisco XDR, and Cisco Duo. This approach streamlines identity management and ensures consistent identity context across multiple services.

The Cisco Identity Intelligence integration, accessible via Security Cloud Control, is included at no additional charge with any Secure Access subscription. However, this does not include access to the standalone Cisco Identity Intelligence dashboard. For more information, see Cisco Identity Intelligence.

Table of Contents

• Claim and Activate Secure Access with Identity Intelligence
  • Integrate Secure Access with a New Identity Intelligence Tenant
  • Integrate Secure Access with an Existing Identity Intelligence Tenant
• Verify Integration and Explore Trust Levels

Claim and Activate Secure Access with Identity Intelligence

This document describes how to claim and activate your Secure Access subscription, either with a new Cisco Identity Intelligence tenant or by integrating with an existing one.

Integrate Secure Access with a New Identity Intelligence Tenant

Follow these steps to activate Secure Access and set up a new Identity Intelligence tenant:

1. In Security Cloud Control, enter your Subscription Code.
2. Once the subscription code is claimed, Secure Access activates within Security Cloud Control.
3. Follow additional steps in Security Cloud Control to activate Cisco Identity Intelligence.
   1. Click Action required.
   2. Select Create new account.
   3. Click Activate.

Integrate Secure Access with an Existing Identity Intelligence Tenant

Integrating Secure Access with an existing Identity Intelligence tenant used with Duo requires additional steps.

Prerequisites

• Duo Administrator with Owner Role: Ensure this Duo Owner account holder is also an administrator in Security Cloud Control.
  • Verify Duo Owners: Log in to the Duo dashboard, then navigate to Users > Manage > Administrators > Manage > Administrators.
  • Verify Security Cloud Control Administrator Group: Within Security Cloud Control, the administrator must be a member of the All Products Administrator group. To add an administrator to Security Cloud Control and assign them to a group, navigate to Platform Management > Access Management > Administrator Access in the Security Cloud Control dashboard.

Activation Steps

Once the prerequisites are met, proceed with these steps:

1. In Security Cloud Control, enter your Subscription Code.
2. Once the subscription code is claimed, Secure Access activates within Security Cloud Control.
3. Follow additional steps in Security Cloud Control to activate Cisco Identity Intelligence.
   1. Click Action required.
   2. Select Connect an existing account.
   3. From the Initial administrator dropdown, choose the Duo Owner.
   4. Click Activate.
4. The Duo administrator will receive an email to connect their Security Cloud Control and Duo accounts. Instruct the Duo administrator to follow these steps:
   1. Click the Connect accounts link in the email. They will be directed to log in to Duo.
   2. At the top of the Duo dashboard, a banner will appear: Connect Duo to Security Cloud Control. Click this banner.
   3. In the pop-up window, click Authorize.

Post-Integration

After successful integration, user trust levels will become visible in Secure Access once the same Identity Providers (IdPs) are added to both products.

Note: It can take up to 24 hours for user trust levels to update in Secure Access after the initial integration.

To add IdPs:

• For Secure Access:
  1. In the Secure Access dashboard, navigate to Connect > Essentials > Users, Groups, and Endpoint Devices.
  2. Select Configuration management.
  3. Choose Integrate directories.

For more detailed instructions, see Add a Cloud Identity Provider.

• For Identity Intelligence:
  1. In Security Cloud Control, navigate to Identity Intelligence > Integrations (under Platform services).
  2. Click Add Integration.

For more information, see Configuring Integrations in the Identity Intelligence knowledge base (formerly Oort).

Verify Integration and Explore Trust Levels

After successfully integrating Secure Access with Identity Intelligence via Security Cloud Control, you can verify the integration and explore user trust levels:

• View Users Provisioned in Secure Access: View the potential risk of each user provisioned by an identity sources connected to both Secure Access and Identity Intelligence.
• View User Details: View an explanation and time stamp of a user's most recent Trust Level.

For comprehensive information on user trust levels and their calculation, refer to the User Trust Level documentation in the Identity Intelligence knowledge base (formerly Oort).

Verify and Monitor Context Sharing < Integrate Cisco Identity Intelligence with Secure Access