Skip to main content



Cisco Defense Orchestrator

Integrate Your SAML Single Sign-On with Cisco Defense Orchestrator

Cisco Defense Orchestrator (CDO) uses Cisco Secure Sign-On as its SAML single sign-on identity provider (IdP) and Duo Security for multi-factor authentication (MFA). This is CDO's preferred authentication method.

If, however, customers want to integrate their own SAML single sign-on IdP solution with CDO, they can as long as their IdP supports SAML 2.0 and identity provider-initiated workflow.


CDO Prerequisites

Based on how you access CDO, CDO needs to provide you with several pieces of information. 

If you access CDO at, you need this information: 

If you access CDO at, you need this information: 

Customer Prerequisites

You must meet these requirements and provide this information: 

  • Your SAML SSO identity provider service must support SAML 2.0.
  • Your SAML SSO identity provider service must support identity provider-initiated flow.
  • Provide CDO with your signing public certificate. This can be provided in IdP Metadata XML file.
  • Provide CDO with your issuer URL. This can be provided in IdP Metadata.XML file.
  • The SAML NameID in the assertion should be mapped to the user's email address. 

Integrate Customer SAML SSO with CDO

Contact Cisco Defense Orchestrator Support and provide the information in the prerequisites above. CDO support will work with you to verify the information you provided and test the SAML SSO login.

Note: Customers using their own SAML SSO solution with CDO will only be able to access CDO using their own SSO application portal.  They will no longer be able to access CDO by navigating to

  • Was this article helpful?