Skip to main content



Cisco Defense Orchestrator

Initial Login

For a quick walkthrough of the initial login process, review this short video: 

Two-Factor Authentication

Cisco Defense Orchestrator (CDO) requires two-factor authentication, providing an added layer of security in protecting user identity. Two-factor authentication (2FA) requires two components, or factors, to ensure the identity of the user logging into CDO. The first factor is a username and password and the second is a one-time password (OTP), which is generated on demand.

CDO uses OneLogin as its identity provider, facilitating both basic user management and 2FA. To log into CDO, you will first have to activate your account on OneLogin. Once confirmed, you will be prompted to configure your second factor OTP. CDO currently supports the following authentication applications:

  • Symantec VIP Access
  • Google Authenticator 
  • OneLogin OTP

(Be sure to download the authenticator/OTP app and not the product app)

Before activating your OneLogin account, choose and install one of the OTP applications on your mobile device from the App Store or Google Play. Note that these applications may not be compatible with every mobile device.

To activate your OneLogin account:

  1. Download and install one of the OTP applications onto your mobile device from the Google Play Store or the Apple App Store.

    (Note that the Google Authenticator app requires installing a second, barcode-scanning app.) 

  2. Open the email Invitation to OneLogin from Cisco – Cisco Defense Orchestrator. The provided link is unique to your account and is valid for 24 hours. If this window has been exceeded, regenerate the token by naviging to or contact to reset your account. 
  3. Click the provided link and choose a password on the login page.

  4. You will be prompted to re-enter your username and password and select an OTP application.
  5. If using OneLogin or VIP Access, enter the OTP application Credential ID and two sequential security codes. If using Google Authenticator, scan the barcode on the screen and enter the first OTP. You will be prompted for a second OTP after logging in.

It is important that your device clock is synchronized with real time as the OTP is time based. Make sure your device clock set automatically or manually set it to the correct time. 

  1. Click CDO the first time you log in. (You will see this page the first time only.)
  2. Once you have successfully logged in to CDO, you will be asked to review and/or download the license agreement.

That completes the onetime single-sign-on process.


The next time you log in, go to and enter your credentials.

During subsequent logins you will be required to enter your username, password, and then the token displayed by the app. (With OneLogin it is not necessary to type the code. You can use the Send OTP command.) 

If you have an questions or difficulties please contact