Skip to main content



Cisco Defense Orchestrator

Logging in to CDO Documentation Using OneLogin

Initial Login to Your New CDO Tenant

This topic describes how to create a new Cisco Secure Sign-On account with Duo multi-factor authentication for your CDO tenant.

Two-Factor Authentication

Cisco Defense Orchestrator (CDO) requires two-factor authentication, providing an added layer of security in protecting user identity. Two-factor authentication (2FA) requires two components, or factors, to ensure the identity of the user logging into CDO. The first factor is a username and password and the second is a one-time password (OTP), which is generated on demand.

CDO uses OneLogin as its identity provider, facilitating both basic user management and 2FA. To log into CDO, you will first have to activate your account on OneLogin. Once confirmed, you will be prompted to configure your second factor OTP. 


Install an OTP App. Before activating your OneLogin account, choose and install one of these OTP applications from the App Store or Google Play on your mobile device. Note that these applications may not be compatible with every mobile device.

Google Authenticator 


OneLogin Protect


Symantec VIP Access


Time Synchronization. You are going to use your mobile device to generate a one time password. It is important that your device clock is synchronized with real time as the OTP is time-based. Make sure your device clock set automatically or manually set it to the correct time. 


Configuring two factor authentication for your CDO account is a three part process.

  1. Download an OTP app to your mobile device.
  2. Pair it with your CDO account.
  3. Login in to CDO using that OTP app.

The following procedure steps through those three parts.


Activate your One Time Password Account and Log In to CDO

  1. Download and install one of the OTP applications onto your mobile device from the Google Play Store or the Apple App Store.

  2. Open the email Invitation to OneLogin from Cisco – Cisco Defense Orchestrator. The provided link is unique to your account and is valid for 24 hours. If this window has been exceeded, regenerate the token by navigating to or contact Support from the CDO UI to reset your account. 
  3. Click the provided link and choose a password on the login page.

  4. CDO prompts you to re-enter your username and password and to then select an OTP method. Select an OTP method.


  1. Based on the method you choose, CDO presents you with a QR code or bar code to pair your OTP application with your CDO account. Here is an example of CDO's QR code for pairing a OneLogin Protect app.


  1. On your mobile device, in your OTP application, create an account for CDO. Here is an example of how this looks using OneLogin Protect:


  1. Use OTP application on your mobile device to scan the code that CDO presented to you. Here is an example of scanning a QR code using OneLogin Protect on a mobile device. 


When the OTP app is paired with your mobile device you receive confirmation from CDO. This is an example of the confirmation after pairing OneLogin Protect with a CDO account.


  1. Now that your CDO account is paired with an OTP app, use that app to login to CDO. CDO presents a login dialog. Enter your username and password as you have before.


  1. Open the OTP app on your mobile device and send the OTP password, or type the OTP password, into the CDO login dialog. Here is an example of the OneLogin Protect app. (Using OneLogin, tapping "Accept" sends the one time password to CDO.)


  1. Once you have successfully logged in to CDO, you will be asked to review and/or download the license agreement.

That completes the onetime single-sign-on process.

Subsequent Logins

The next time you log in, go to and enter your username, password, and then the one time password displayed by the app. 

If you have an questions or difficulties please contact Support from the CDO UI.

  • Was this article helpful?