About Logging in to CDO
Cisco Defense Orchestrator (CDO) uses Cisco Secure Sign-On as its identity provider and Duo for multi-factor authentication (MFA). To log into CDO, you must first create your account in Cisco Secure Sign-On and configure MFA using Duo.
CDO requires MFA which provides an added layer of security in protecting your user identity. Two-factor authentication, a type of MFA, requires two components, or factors, to ensure the identity of the user logging into CDO. The rst factor is a username and password, and the second is a one-time password (OTP), which is generated on demand.
Important: If your CDO tenant existed before October 14, 2019, use Migrating to Cisco Secure Sign-On Identity Provider for log in instructions instead of this article.
Before you Log In
Install DUO Security. We recommend installing the Duo Security app on a mobile phone. Review Duo Guide to Two Factor Authentication: Enrollment Guide if you have questions about installing Duo.
Time Synchronization. You are going to use your mobile device to generate a one-time password. It is important that your device clock is synchronized with real time as the OTP is time-based. Make sure your device clock set automatically or manually set it to the correct time.
Create a New Cisco Secure Sign-On Account and Configure Duo Multi-factor Authentication
The initial sign-on workow is a four-step process. You need to complete all four steps.
- Sign Up for a New Cisco Secure Sign-On Account
- Browse to https://sign-on.security.cisco.com.
- At the bottom of the Sign In screen, click Sign up.
- Fill in the fields of the Create Account dialog and click Register.
Here are some tips:
- Email-Enter the email address that you will eventually use to log in to CDO.
- Organization-Add a name to represent your company.
- After you click Register, Cisco sends you a verification email to the address you registered with. Open the email and click Activate Account.
2. Set up Multi-factor Authentication Using Duo
We recommend using a mobile device when setting up multi-factor authentication.
- In the Set up multi-factor authentication screen, click Configure factor.
- Click Start setup and follow the prompts to choose a mobile device and verify the pairing of that mobile device with your account.
For more information, see Duo Guide to Two Factor Authentication: Enrollment Guide. If you already have the Duo app on your device, you'll receive an activation code for this account. Duo supports multiple accounts on one device.
- At the end of the wizard click Continue to Login.
- Log in to Cisco Secure Sign-On with the two-factor authentication.
3. (Optional) Setup Google Authenticator as an additional authenticator.
- Choose the mobile device you are pairing with Google Authenticator and click Next.
- Follow the prompts in the setup wizard to setup Google Authenticator.
4. Configure Account Recovery Options for your Cisco Secure Sign-On Account
- Choose a recovery phone number for resetting your account using SMS.
- Choose a security image.
- Click Create My Account. You now see the Cisco Security Sign-On dashboard with the CDO app tiles. You may also see other app tiles.
Tip: You can drag the tiles around on the dashboard to order them as you like, create tabs to group tiles, and rename tabs.
Launch CDO from the Cisco Secure Sign-On Dashboard
- Click the appropriate CDO tile on the Cisco Secure Sign-on dashboard. The CDO tile directs you to https://defenseorchestrator.com, the CDO (EU) tile directs you to https://defenseorchestrator.eu, the CDO (APJC) tile directs you to https://www.apj.cdo.cisco.com/.
- Click the authenticator logo to choose Duo Security or Google Authenticator if you have set up both authenticators.
- If you already have a user record on an existing tenant, you are logged into that tenant.
- If you already have a user record on several portals, you will be able to choose which portal to connect to.
- If you already have a user record on several tenants, you will be able to choose which CDO tenant to connect to.
- If you do not already have a user record on an existing tenant, you will be able to learn more about CDO or request a trial account.
The Portals view retrieves and displays consolidated information from multiple tenants. See Manage Multiple CDO Tenants for more information.
The Tenant view shows several tenants on which you have a user record.
Troubleshooting Login Failures
If you can't log in or you can't reach CDO, try one of these troubleshooting tips.
Login Fails Because You are Inadvertently Logging in to the Wrong CDO Region
Make sure you are logging into the appropriate CDO region. After you log into https://sign-on.security.cisco.com, you will be given a choice of what region to access. Click the CDO tile to access defenseorchestrator.com, CDO (EU) to access defenseorchestrator.eu, or CDO (APJC) to access https://www.apj.cdo.cisco.com/.