Cisco Defense Orchestrator

User Management

Before you create or edit a user record in CDO, read Relationship Between Identity Provider Accounts and Defense Orchestrator User Records to learn how the identity provider (IdP) account and the user record interact. CDO users need a CDO record and a corresponding IdP account so they can be authenticated and access your CDO tenant. 

Unless your enterprise has its own IdP, Cisco Secure Sign-On is the identity provider for all CDO tenants. The rest of this article assumes you are using Cisco Secure Sign-On as your identity provider.

You can see all the user records associated with your tenant on the User Management screen. This includes any Cisco support engineer temporarily associated with your account to resolve a support ticket.

View the User Records Associated with your Tenant

1. From the user menu, select Settings.

2. Click User Management.

Note: To prevent Cisco support from accessing your tenant, configure your Account Settings in the General Settings page.

Create a CDO User Record

This procedure creates the user's CDO user record, not the user's account in Cisco Secure Sign-On. If the user does not have an account in Cisco Secure Sign-On, they can self-enroll by navigating to https://security.cisco.com and clicking "Sign up" at the bottom of the Sign in screen. 

You will need to have the role of Super Admin on CDO to perform this task.

  1. Log in to CDO.
  2. From the user menu, click Settings.
  3. Click User Management.
  4. Click the blue plus button to add a new user to your tenant.
  5. Provide the email address of the user.

Note: The user's email address must correspond to the email address of the Cisco Secure Sign-On account.

  6. Select the user's role from the drop-down menu.
  7. Click OK.

Note: Though Super Admins can create a CDO user record, that user record is not all that is needed for a user to log in to your tenant. The user also needs an account with the identity provider used by your tenant. Unless your enterprise has its own single sign-on identity provider, your identity provider is Cisco Secure Sign-On. Users can self-register for their Cisco Secure Sign-On account; see Initial Login to CDO for more information.

Edit the Role of the CDO User Record

You will need to have the role of Super Admin to perform this task. If a Super Admin changes the role of a CDO user who is logged in, the user is automatically logged out of their session as soon as the role has been changed. Once the user logs back in, they assume their new role.

Caution: Changing the role of a user record will delete an API token associated with the user record if there is one. 

To edit the role defined in the user record, follow this procedure:

  1. Log in to CDO.
  2. From the user menu, click Settings.
  3. Click User Management.
  4. Click the edit icon in the user's row.
  5. Select the user's new role from the Role drop-down menu.
  6. If the user record shows that there is an API token associated with the user, you will need to confirm that you want to change the user's role and delete the API token as a result.
  7. Click OK.
  8. If CDO deleted the API token, contact the user so that they can create a new API token.

Note: If a CDO user is logged in, and a Super User changes their role, the user must log out and log back in again for the change to take effect.

Delete a CDO User Record

Deleting a user record in CDO prevents the associated user from logging in to CDO by breaking the mapping of the user record with the Cisco Secure Sign-On account. When you delete a user record, you are also deleting the API token associated with that user record should there be one. Deleting a user record in CDO does not delete the user's IdP account in Cisco Secure Sign-On.

You will need to have the role of Super Admin to perform this task.

  1. Log in to CDO.
  2. From the user menu, click Settings.
  3. Click User Management.
  4. Click the trash can icon in the row of the user you want to delete.
  5. Click OK.
  6. Confirm that you want to remove the account from the tenant by clicking OK.