Cisco Secure Connect - Identity Provider (IdP) Setup
Typically, user authentication to your network and applications is managed by an Identity Provider (IdP). For the services, listed below Cisco Secure Connect must integrate with an IdP to provide end-user Single Sign-on (SSO) for:
- Client-based remote access
- Client-less-based (ZTNA) remote access
- Enforcement of User-based internet access policies
There are two key standards for identity management used by Secure Connect:
- SAML: Security Assertion Markup Language for SSO authentication
- SCIM: System for Cross-domain Identity Management for user and group provisioning, updating and de-provisioning.
Secure Connect establishes a trust relationship with the IdP which allows users to authenticate with their existing credentials via SAML and synchronize any changes made in your IdP with Secure Connect via SCIM. Currently, SCIM is only support with Meraki Cloud Auth, Azure Active Directory and Okta. For other IdPs, there is a manual user provisioning option.
Use the links to below to integrate your IdP solution with Secure Connect.
Meraki Cloud Auth
Meraki Cloud Auth is a no cost authentication service for Cisco Meraki customers. It is built into Secure Connect and it is simple and quick to setup for faster Prof of Value process. Click here for the steps to integrate Meraki Cloud Auth with Cisco Secure Connect.
Cisco Duo Single Sign-on
Cisco Duo Single Sign-On acts as an identity provider (IdP) proxy, authenticating users using existing on-premises Active Directory (AD) or another SSO IdP. It provides a consistent login experience for every application, cloud or on-premises. Click here for the steps to integrate Duo Single Sign-on with Cisco Secure Connect.
Azure Active Directory
If your organization is using Azure Active Directory you will need to complete these two steps:
Okta
If your organization is using Okta you will need to complete these two steps:
Other
If you are not using one of the IdPs above, use this link to access the Umbrella documentation for SAML setup.