Secure Access Single Sign-On Authentication

Cisco Secure Access supports Security Assertion Markup Language (SAML) for the authentication of administrators to the Secure Access console. An administrator signs in to Secure Access from Cisco Security Cloud Sign On (SCSO). Cisco Duo Security or the IdP that you integrated with Security Cloud Sign On provides single sign-on (SSO) authentication of Secure Access administrators through SCSO. For more information, see Cisco Security Cloud Sign On Identity Provider Integration Guide.

To sign in to Secure Access, an administrator must have a Secure Access account and configure single sign-on authentication in SCSO. A Secure Access administrator signs in to SCSO authenticates to the IdP, and then automatically signs in to Secure Access.

Any changes made in your organization's SAML identity provider (IdP) are synced with Secure Access. If you update an account or change a password in the IdP, the changes are immediately reflected in your login. Only the username (email address) is stored in Secure Access. You must sign in to Secure Access with the same email address that you configured in your SCSO account. For more information, see Security Cloud Sign On Quickstart Guide.

Note: You can only use SCSO to authenticate your login to Secure Access. The IdP that you set up in SCSO does not authorize an administrator's permissions to read, create, or update resources on Secure Access. A Secure Access role defines the permissions on the Secure Access account. For more information about user roles, see Manage Accounts.

Contact Cisco Secure Access Support > Secure Access Single Sign-On Authentication > Configure Single Sign-On Authentication