Cisco Meraki Documentation

Cisco Secure Connect - Identity Provider (IdP) Setup

Typically, user authentication to your network and applications is managed by an Identity Provider (IdP). Cisco Secure Connect integrates with various IdPs. IdPs can provision user and group identities into Secure Connect and provide authentication and authorization for those users and groups. Secure Connect also supports manually importing user and group identities from CSV files.

Secure Connect must integrate with an IdP to provide end-user Single Sign-On (SSO) for the following scenarios:

  • Client-based VPN Access
  • Clientless (Browser-based) ZTNA (Zero Trust Network Access)
  • Client-based ZTNA (Zero Trust Network Access)
  • Enforcement of User-based internet access policies

There are two key standards for identity management used by Secure Connect:

  • SAML: Security Assertion Markup Language for SSO authentication
  • SCIM: System for Cross-domain Identity Management for user and group provisioning, updating and de-provisioning. 

Secure Connect establishes a trust relationship with the IdP, which allows users to authenticate with their existing credentials via SAML and allows any changes made in your IdP to be synchronized with Secure Connect via SCIM. Currently, SCIM is only supported with Meraki Cloud Auth, Azure Active Directory (Microsoft Entra ID), and Okta. For other IdPs, there is a manual user provisioning option. Client-based ZTNA doesn't support Meraki Auth.

Use the links below to integrate your IdP solution with Secure Connect.

Cisco Duo Single Sign-on

Cisco Duo Single Sign-On acts as an identity provider (IdP) proxy, authenticating users using existing on-premises Active Directory (AD) or another SSO IdP. It provides a consistent login experience for every application, cloud or on-premises. Click here for the steps to integrate Duo Single Sign-on with Cisco Secure Connect.

Azure Active Directory (Microsoft Entra ID)

If your organization is using Azure Active Directory, you will need to complete these two steps:

  1. Azure Active Directory (Microsoft Entra ID) SCIM Configuration
  2. Azure Active Directory (Microsoft Entra ID) SAML Configuration

Okta

If your organization is using Okta, you will need to complete these two steps:

  1. Okta SCIM Configuration
  2. Okta SAML Configuration

Other

If you are not using one of the IdPs above, use this link to access the Umbrella documentation for SAML setup.