Cisco Defense Orchestrator (Defense Orchestrator) uses OneLogin as its SAML single sign-on (SSO) identity provider (IdP), which provides both basic user management and two-factor authentication. This is Defense Orchestrator's preferred authentication method.
Customers who want to integrate their own SAML single sign-on IdP solution with Defense Orchestrator can do so, as long as their IdP supports SAML 2.0 and the identity provider-initiated workflow.
Defense Orchestrator Prerequisites
- Customer's SAML SSO identity provider service must support SAML 2.0.
- Customer's SAML SSO identity provider service must support identity provider-initiated flow.
- Customer must provide Defense Orchestrator with their public signing certificate. This can be provided in the IdP metadata XML file.
- Customer must provide Defense Orchestrator with their issuer URL. This can be provided in the IdP metadata XML file.
- The SAML NameID in the assertion should be mapped to the user's email address.
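A pre-flight check of the IdP metadata XML file against the prerequisites above, as an added example that is not Cisco's code or tooling. The function name, the `idp.example.com` issuer and the sample metadata are constructed for illustration, and the certificate body is placeholder bytes rather than a real certificate; the check also accepts metadata wrapped in an `EntitiesDescriptor`.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: hypothetical issuer, placeholder bytes instead of a real certificate.
PLACEHOLDER_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{PLACEHOLDER_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Report issuer, signing-certificate fingerprints and unmet prerequisites."""
    report = {"issuer": None, "signing_sha256": [], "email_nameid": False, "problems": []}
    root = ET.fromstring(xml_text)
    # Metadata is either a single EntityDescriptor or an EntitiesDescriptor wrapper.
    entity = root if root.tag.endswith("}EntityDescriptor") else root.find("md:EntityDescriptor", NS)
    idp = entity.find("md:IDPSSODescriptor", NS) if entity is not None else None
    if idp is None:
        report["problems"].append("no IDPSSODescriptor found")
        return report
    report["issuer"] = entity.get("entityID")  # the issuer URL
    if not report["issuer"]:
        report["problems"].append("EntityDescriptor has no entityID (issuer)")
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        report["problems"].append("IdP does not declare SAML 2.0 support")
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing and encryption.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            report["signing_sha256"].append(hashlib.sha256(der).hexdigest())
    if not report["signing_sha256"]:
        report["problems"].append("no signing certificate in metadata")
    # NameIDFormat is only a declaration, so a missing entry is reported but not a failure.
    report["email_nameid"] = any((e.text or "").strip() == EMAIL_FORMAT for e in idp.findall("md:NameIDFormat", NS))
    return report
```

The metadata file cannot show whether the IdP-initiated flow is enabled or how NameID is actually mapped; confirm both in the IdP's application settings. The SHA-256 fingerprint gives a value to compare out of band when the certificate is handed over.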
Integrate Customer SAML SSO with Defense Orchestrator
Contact Cisco Defense Orchestrator Support and provide the information in the prerequisites above. Defense Orchestrator will work with you to verify the information you provided and test the SAML SSO login.
Note: Customers using their own SAML SSO solution with Defense Orchestrator will only be able to access Defense Orchestrator using their own SSO application portal. They will no longer be able to access Defense Orchestrator by navigating to https://www.defenseorchestrator.com.