Cisco Defense Orchestrator (CDO) uses OneLogin as its Duo single sign-on (SSO) identity provider (IdP) facilitating both basic user management and two-factor-authentication.
Based on how you accesses CDO, CDO needs to provide you with several pieces of information.
If you access CDO at https://defenseorchestrator.com, you need this information:
- The Assertion Consumer Service (ACS) URL: https://www.defenseorchestrator.com/saml/login
- CDO's entity ID: https://www.defenseorchestrator.com/saml/login
- The audienceURL: www.defenseorchestrator.com
If you access CDO at https://defenseorchestrator.eu, you need this information:
- Have a working Duo Access Gateway deployed. See Duo Access Gateway for more information.
- Provide CDO with your issuer URL and DAG public certificate. This can be provided in the downloadable XML Metadata file available from the Applications > Admin Panel > Applications page of the Duo Access Gateway.
- Provide a list of all the email addresses that need access to the desired tenant in CDO.
Integrate Duo Single Sign-On with CDO
Contact Cisco Defense Orchestrator Support and provide the information in the prerequisites above. CDO support will work with you to verify the information you provided and test the Duo SSO login.