Typically, user authentication to your network and applications is managed by an Identity Provider (IdP). For the services listed below, Cisco+ Secure Connect must integrate with an IdP to provide end-user Single Sign-on (SSO):
- Client-based remote access
- Clientless (ZTNA) remote access
- Enforcement of User-based internet access policies
There are two key standards for identity management used by Cisco+ Secure Connect:
- SAML: Security Assertion Markup Language for SSO authentication
- SCIM: System for Cross-domain Identity Management for user and group provisioning, updating and de-provisioning.
Cisco+ Secure Connect establishes a trust relationship with the IdP. This allows users to authenticate with their existing credentials via SAML, and changes made in your IdP are synchronized with Cisco+ Secure Connect via SCIM. Currently, SCIM is only supported with Meraki Cloud Auth, Azure Active Directory and Okta. For other IdPs, there is a manual user provisioning option.
Use the links below to integrate your IdP solution with Secure Connect.
Meraki Cloud Auth
Meraki Cloud Auth is a no-cost IdP service for Cisco Meraki customers. It is recommended to use Meraki Cloud Auth as your IdP if your organization:
- Is already using Meraki Cloud Auth
- Does not currently have an IdP solution
Click here for the steps to integrate Meraki Cloud Auth with Cisco Secure Connect.
Cisco Duo Single Sign-on
Cisco Duo Single Sign-On acts as an identity provider (IdP), authenticating users using existing on-premises Active Directory (AD) or another SSO IdP. It provides a consistent login experience for every application, cloud or on-premises. Click here for the steps to integrate Duo Single Sign-on with Cisco Secure Connect.
Azure Active Directory
If your organization is using Azure Active Directory, you will need to complete these two steps:
Okta
If your organization is using Okta, you will need to complete these two steps:
If you are not using one of the IdPs above, use this link to access the Umbrella documentation for SAML setup. (https://docs.umbrella.com/umbrella-u...l-integrations)