Cisco Defense Orchestrator (CDO) uses OneLogin as its SAML single sign-on (SSO) identity provider (IdP), facilitating both basic user management and two-factor authentication. This is CDO's preferred authentication method.
If, however, customers want to integrate their own SAML single sign-on IdP solution with CDO, they can, as long as their IdP supports SAML 2.0 and the identity provider-initiated workflow.
Prerequisites
- The customer's SAML SSO identity provider service must support SAML 2.0.
- The customer's SAML SSO identity provider service must support the identity provider-initiated flow.
- The customer must provide a sample assertion.
- The customer must provide CDO with their signing public certificate. This can be provided in the IdP Metadata.XML file.
- The customer must provide CDO with their issuer URL. This can be provided in the IdP Metadata.XML file.
- The SAML NameID in the assertion should be mapped to the user's email address.
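A pre-flight check for the items above, which you can run on your own metadata file and sample assertion before sending them to support. This is an added example, not Cisco's code or tooling; it checks structure only and does not verify the assertion's signature. The function name `check_prerequisites`, the `example.com` values and the placeholder certificate are constructed for illustration, and the issuer URL is assumed to be the metadata's `entityID`.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample inputs (not real IdP data); the certificate is a placeholder.
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""

def check_prerequisites(metadata_xml, assertion_xml):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    md = ET.fromstring(metadata_xml)
    idp = md.find("md:IDPSSODescriptor", NS)
    protocols = (idp.get("protocolSupportEnumeration", "") if idp is not None else "").split()
    if "urn:oasis:names:tc:SAML:2.0:protocol" not in protocols:
        problems.append("metadata does not declare SAML 2.0 support")
    issuer = md.get("entityID")
    if not issuer:
        problems.append("metadata has no entityID (issuer URL)")
    # A KeyDescriptor with no 'use' attribute serves both signing and encryption.
    certs = [c for kd in md.iterfind(".//md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.iterfind(".//ds:X509Certificate", NS) if (c.text or "").strip()]
    if not certs:
        problems.append("metadata has no signing certificate")
    a = ET.fromstring(assertion_xml)
    if (a.findtext("saml:Issuer", "", NS) or "").strip() != issuer:
        problems.append("assertion Issuer does not match metadata entityID")
    name_id = (a.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id):
        problems.append("NameID is not an email address: %r" % name_id)
    return problems
```

Call `check_prerequisites` with the text of your own metadata and assertion files; an empty list means the structural checks passed.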
Integrate Customer SAML SSO with CDO
Contact Cisco Defense Orchestrator Support and provide the information in the prerequisites above. CDO will work with you to verify the information you provided and test the SAML SSO login.
Note: Customers using their own SAML SSO solution with CDO will only be able to access CDO using their own SSO application portal. They will no longer be able to access CDO by navigating to https://www.defenseorchestrator.com.