Integrate Your SAML Single Sign-On with Cisco Defense Orchestrator
Cisco Defense Orchestrator (CDO) uses Cisco Secure Sign-On as its SAML single sign-on identity provider (IdP) and Duo Security for multi-factor authentication (MFA). This is CDO's preferred authentication method.
If, however, customers want to integrate their own SAML single sign-on IdP solution with CDO, they can as long as their IdP supports SAML 2.0 and identity provider-initiated workflow.
Prerequisites
CDO Prerequisites
Based on how you access CDO, CDO needs to provide you with several pieces of information.
If you access CDO at https://defenseorchestrator.com, you need this information:
- The Assertion Consumer Service (ACS) URL: https://www.defenseorchestrator.com/saml/login
- CDO's entity ID: https://www.defenseorchestrator.com/saml/login
- The audienceURL: https://www.defenseorchestrator.com/saml/login
- The recipientURL: https://www.defenseorchestrator.com/saml/login
If you access CDO at https://defenseorchestrator.eu, you need this information:
- The Assertion Consumer Service (ACS) URL: https://www.defenseorchestrator.eu/saml/login
- CDO's entity ID: https://www.defenseorchestrator.eu/saml/login
- Provide the customer with this audienceURL: https://www.defenseorchestrator.eu/saml/login
- The recipientURL: https://www.defenseorchestrator.eu/saml/login
Customer Prerequisites
You must meet these requirements and provide this information:
- Your SAML SSO identity provider service must support SAML 2.0.
- Your SAML SSO identity provider service must support identity provider-initiated flow.
- Provide CDO with your signing public certificate. This can be provided in IdP Metadata XML file.
- Provide CDO with your issuer URL. This can be provided in IdP Metadata.XML file.
- The SAML NameID in the assertion should be mapped to the user's email address.
Integrate Customer SAML SSO with CDO
Contact Cisco Defense Orchestrator Support and provide the information in the prerequisites above. CDO support will work with you to verify the information you provided and test the SAML SSO login.
Note: Customers using their own SAML SSO solution with CDO will only be able to access CDO using their own SSO application portal. They will no longer be able to access CDO by navigating to https://www.defenseorchestrator.com.