Skip to main content
Cisco Meraki Documentation

Cisco Secure Connect - Identity Provider (IdP) Setup

Typically, user authentication to your network and applications is managed by an Identity Provider (IdP). Cisco Secure Connect integrates with various identity providers (IdPs). IdPs can provision users and groups identities into Secure Connect and provide authentication and authorization of the users and groups. Secure Connect also supports manually importing users and groups identities from CSV files.

Secure Connect must integrate with an IdP to provide end-user Single Sign-on (SSO) for below scenarios:

  • Client-based remote access
  • Client-less-based (ZTNA) remote access
  • Enforcement of User-based internet access policies

There are two key standards for identity management used by Secure Connect:

  • SAML: Security Assertion Markup Language for SSO authentication
  • SCIM: System for Cross-domain Identity Management for user and group provisioning, updating and de-provisioning. 

Secure Connect establishes a trust relationship with the IdP which allows users to authenticate with their existing credentials via SAML and synchronize any changes made in your IdP with Secure Connect via SCIM.  Currently, SCIM is only support with Meraki Cloud Auth, Azure Active Directory (Microsoft Entra ID), and Okta.  For other IdPs, there is a manual user provisioning option.

Use the links to below to integrate your IdP solution with Secure Connect.

Cisco Duo Single Sign-on

Cisco Duo Single Sign-On acts as an identity provider (IdP) proxy, authenticating users using existing on-premises Active Directory (AD) or another SSO IdP. It provides a consistent login experience for every application, cloud or on-premises. Click here for the steps to integrate Duo Single Sign-on with Cisco Secure Connect.

Azure Active Directory (Microsoft Entra ID)

If your organization is using Azure Active Directory you will need to complete these two steps:

  1. Azure Active Directory (Microsoft Entra ID) SCIM Configuration
  2. Azure Active Directory (Microsoft Entra ID) SAML Configuration

If your organization is using Okta you will need to complete these two steps:

  1. Okta SCIM Configuration
  2. Okta SAML Configuration

If you are not using one of the IdPs above, use this link to access the Umbrella documentation for SAML setup.