Skip to main content



Cisco Defense Orchestrator

Onboard an FTD Using Credentials

This is a simple method of onboarding a Firepower Threat Defense (FTD) Device. However, the recommended way of onboarding an FTD to CDO is by using a registration key. 

Before Onboarding

  • Important: Before you onboard an FTD device to CDO, read Onboard an FTD and Connect Cisco Defense Orchestrator to Your Managed Devices. They provide the general device requirements and onboarding prerequisites needed to onboard a device.
  • You need the following information to onboard an FTD using the credentials method:  
    • The device credentials CDO will use to connect to the FTD.
    • The device's IP address of the interface you are using to manage the device. This may be the Management interface, an inside interface, or the outside interface depending on how you have configured your network.
    • The FTD must be managed by Firepower Device Manager (FDM) and configured for local management in order for you to onboard it to CDO. It cannot be managed by Firepower Management Center (FMC). 

Note: If you connect to and your FTD is running software version 6.4, you must use this method. You can only onboard an FTD device running software version 6.5+.

Onboarding Procedure

Use this procedure to onboard an FTD device using only the administrator username and password and the device's Management IP address:

  1. Log in to CDO.
  2. In the navigation pane, click Devices & Services and click the blue plus button blue_cross_button.png to Onboard a device.
  3. Click FTD.

Important: When you attempt to onboard an FTD, CDO prompts you to read and accept the Firepower Threat Defense End User License Agreement (EULA), which is a one-time activity for your tenant. Once you accept the EULA, CDO won't prompt you again to accept it unless the EULA changes. 

  1. On the Onboard FTD Device screen, click Use Credentials.


  1. In the Device Details step:
  • Click the Secure Device Connector button and select a Secure Device Connector installed in your network. If you would rather not use an SDC, CDO can connect to your FTD using the Cloud Connector. Your choice depends on how you connect CDO to your managed devices
  • Enter the device name in the Device Name field. This could be the hostname of the device or any other name you choose. 
  • In the Location field, enter the IP address of the interface you are using to manage the device, hostname, or fully qualified domain name of the FTD. The default port is 443. 

Important: If you already have a SecureX or Cisco Threat Response (CTR) account, you will need to merge your CDO account and SecureX/CTR account in order for your devices to be registered with SecureX. Your accounts can be merged through the SecureX portal. See Merge Your CDO and SecureX Accounts  for instructions. Until your accounts are merged, you will not be able to see your device’s events in SecureX or benefit from other SecureX features. 

  1. In the Database Updates area, the Immediately perform security updates, and enable recurring updates is enabled by default.
    This option immediately triggers a security update as well as automatically schedules the device to check for additional updates every Monday at 2AM. See Update FTD Security Databases and Schedule a Security Database Update for more information.
    Note: Disabling this option does not affect any previously scheduled updates you may have configured through FDM.
    Click Next.
  2. Enter the device administrator's username and password and click Next.
  3. If there are pending changes on the device's FDM, you will be notified and you can revert the changes or log in to FDM and deploy the pending changes. If there are no pending changes on FDM, you will not see a prompt.
  4. (Optional) Once the credentials are verified, you're prompted to label the device. See Labels and Label Groups for more information.
  5. Click Go to Devices & Services.
  6. Once the device is onboarded, CDO shows it on the Devices & Services page with a "Synced" status.

What's Next?

If you are onboarding an FTD HA pair, you must onboard the peer device to CDO as well. See step 2 in Onboard an FTD HA Pair using Username, Password, and IP Address for more information. 

Related Topics


  • Was this article helpful?