To create a new CDO user, two things need to happen, in either order:
- Create a Cisco Secure Sign-on Account for the New User
- Create a CDO User Record with Your CDO Username
After these tasks are done, the user can open CDO from the Cisco Secure Sign-On dashboard.
Create a Cisco Secure Sign-on Account for the New User
Creating a Cisco Secure Sign-on account can be done at any time by the new user themselves. They do not need to know the name of the tenant they will be assigned to.
About Logging in to CDO
Cisco Defense Orchestrator (CDO) uses Cisco Secure Sign-On as its identity provider and Duo for multi-factor authentication (MFA). To log into CDO, you must first create your account in Cisco Secure Sign-On and configure MFA using Duo.
CDO requires MFA, which provides an added layer of security in protecting your user identity. Two-factor authentication, a type of MFA, requires two components, or factors, to ensure the identity of the user logging into CDO. The first factor is a username and password, and the second is a one-time password (OTP), which is generated on demand.
Important: If your CDO tenant existed before October 14, 2019, use Migrating to Cisco Secure Sign-On Identity Provider for login instructions instead of this article.
Before you Log In
Install Duo Security. We recommend installing the Duo Security app on a mobile phone. Review Duo Guide to Two Factor Authentication: Enrollment Guide if you have questions about installing Duo.
Time Synchronization. You are going to use your mobile device to generate a one-time password. It is important that your device clock is synchronized with real time, as the OTP is time-based. Make sure your device clock is set automatically, or manually set it to the correct time.
Create a New Cisco Secure Sign-On Account and Configure Duo Multi-factor Authentication
The initial sign-on workflow is a four-step process. You need to complete all four steps.
1. Sign Up for a New Cisco Secure Sign-On Account
- Browse to https://sign-on.security.cisco.com.
- At the bottom of the Sign In screen, click Sign up.
- Fill in the fields of the Create Account dialog and click Register.
Here are some tips:
- Email: Enter the email address that you will eventually use to log in to CDO.
- Organization: Add a name to represent your company.
- After you click Register, Cisco sends you a verification email to the address you registered with. Open the email and click Activate Account.
2. Set up Multi-factor Authentication Using Duo
We recommend using a mobile device when setting up multi-factor authentication.
- In the Set up multi-factor authentication screen, click Configure factor.
- Click Start setup and follow the prompts to choose a mobile device and verify the pairing of that mobile device with your account.
For more information, see Duo Guide to Two Factor Authentication: Enrollment Guide. If you already have the Duo app on your device, you'll receive an activation code for this account. Duo supports multiple accounts on one device.
- At the end of the wizard click Continue to Login.
- Log in to Cisco Secure Sign-On with the two-factor authentication.
3. (Optional) Set Up Google Authenticator as an Additional Authenticator
- Choose the mobile device you are pairing with Google Authenticator and click Next.
- Follow the prompts in the setup wizard to set up Google Authenticator.
4. Configure Account Recovery Options for your Cisco Secure Sign-On Account
- Choose a recovery phone number for resetting your account using SMS.
- Choose a security image.
- Click Create My Account. You now see the Cisco Security Sign-On dashboard with the CDO app tiles. You may also see other app tiles.
Tip: You can drag the tiles around on the dashboard to order them as you like, create tabs to group tiles, and rename tabs.
Create a CDO User Record with Your CDO Username
Only a CDO user with "Super Admin" privileges can create the CDO user record. The Super Admin should create the user record with the same email address that was specified in the Create Your CDO Username task above.
Use the following procedure to create a user record with an appropriate user role:
- Log in to CDO.
- From the user menu, click Settings.
- Click User Management.
- Click the blue plus button to add a new user to your tenant.
- Provide the email address of the user.
Note: The user's email address must correspond to the email address of the Cisco Secure Log-On account.
- Select the user's role from the drop-down menu.
- Click OK.
The New User Opens CDO from the Cisco Secure Sign-On Dashboard
- Click the appropriate CDO tile on the Cisco Secure Sign-on dashboard. The CDO tile directs you to https://defenseorchestrator.com, the CDO (EU) tile directs you to https://defenseorchestrator.eu, the CDO (APJC) tile directs you to https://www.apj.cdo.cisco.com/.
- Click the authenticator logo to choose Duo Security or Google Authenticator if you have set up both authenticators.
- If you already have a user record on an existing tenant, you are logged into that tenant.
- If you already have a user record on several portals, you will be able to choose which portal to connect to.
- If you already have a user record on several tenants, you will be able to choose which CDO tenant to connect to.
- If you do not already have a user record on an existing tenant, you will be able to learn more about CDO or request a trial account.
The Portals view retrieves and displays consolidated information from multiple tenants. See Manage Multiple CDO Tenants for more information.
The Tenant view shows several tenants on which you have a user record.