Cisco Secure Connect - Identity Provider (IdP) Setup

Typically, user authentication to your network and applications is managed by an Identity Provider (IdP). Cisco Secure Connect integrates with various identity providers (IdPs). IdPs can provision users and groups identities into Secure Connect and provide authentication and authorization of the users and groups. Secure Connect also supports manually importing users and groups identities from CSV files.

Secure Connect must integrate with an IdP to provide end-user Single Sign-on (SSO) for below scenarios:

• Client-based VPN Access
• Clientless (Browser-based) ZTNA (Zero Trust Network Access)
• Client-based ZTNA (Zero Trust Network Access)
• Enforcement of User-based internet access policies

There are two key standards for identity management used by Secure Connect:

• SAML: Security Assertion Markup Language for SSO authentication
• SCIM: System for Cross-domain Identity Management for user and group provisioning, updating and de-provisioning. 

Secure Connect establishes a trust relationship with the IdP which allows users to authenticate with their existing credentials via SAML and synchronize any changes made in your IdP with Secure Connect via SCIM.  Currently, SCIM is only supported with Meraki Cloud Auth, Azure Active Directory (Microsoft Entra ID), and Okta.  For other IdPs, there is a manual user provisioning option. Client-based ZTNA doesn't support Meraki Auth.

Use the links to below to integrate your IdP solution with Secure Connect.