Skip to main content



Cisco Defense Orchestrator

Integrate Your Duo Single Sign-On with CDO

Cisco Defense Orchestrator (CDO) uses OneLogin as its Duo single sign-on (SSO) identity provider (IdP) facilitating both basic user management and two-factor-authentication. 


CDO Prerequisites

Based on how you accesses CDO, CDO needs to provide you with several pieces of information. 

If you access CDO at, you need this information: 

If you access CDO at, you need this information: 

Customer Prerequisites

  • Have a working Duo Access Gateway deployed. See Duo Access Gateway for more information. 
  • Provide CDO with your issuer URL and DAG public certificate. This can be provided in the downloadable XML Metadata file available from the Applications > Admin Panel > Applications page of the Duo Access Gateway.
  • Provide a list of all the email addresses that need access to the desired tenant in CDO.


Integrate Duo Single Sign-On with CDO

Contact Cisco Defense Orchestrator Support and provide the information in the prerequisites above. CDO support will work with you to verify the information you provided and test the Duo SSO login.


Related Articles: 


  • Was this article helpful?