Cisco SecureX Sign-On Integration
Cisco SecureX reached end of support in July 31, 2024. Therefore, this feature isn't available in the dashboard anymore.
You can still enjoy a Single Sign-On experience when using your Dashboard. You can Configure SAML Single Sign-On for Dashboard as an alternative solution to Cisco SecureX. This article explains how to do it: Configuring SAML Single Sign-on for Dashboard.
This document is still available as a reference only for customers who implemented it before end of support date. You can read more about the SecureX end-of-sale and end-of-life by clicking here.
By Darshit Hundiwala, Alex Katsman and Philip Dayboch
Cisco SecureX Sign-On is an authentication method where you can log in to Dashboard from the SecureX Sign-On page. It allows you to easily access Cisco security products, with the same set of credentials and from any device. Once you sign in with your username and password, your SecureX Sign-On home page displays all your Cisco products as apps in one customizable dashboard.
SecureX Sign-On uses Security Assertion Markup Language (SAML) which is an XML-based open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The advantages of using SecureX Sign-On include easier management of credentials for Cisco security products. In addition, customers get Duo 2-factor-authentication enabled by default.
Enabling SecureX Sign-On
Navigate to Organization > Settings and click the SecureX Sign-On checkbox under the Authentication section.
Once enabled, every time a new Dashboard user is created under Organization > Administrators, you will see an option to choose if that user would use SecureX Sign-On to login to Dashboard.
Meraki cannot migrate existing users to use SecureX Sign-On, the option to allow SecureX Sign-On login will only be presented when creating a new user.
Note: The email address for the new administrator cannot match an existing Dashboard administrator or Meraki Authentication user's email address.
The Dashboard login page will request you to enter your email address. If the email has SecureX Sign-On enabled, you will be redirected to sign-on.security.cisco.com
Multiple Organization Access
SecureX allows administrators the ability to access multiple Dashboard organizations when using the same email address. If a user that already has access to at least one organization is added to an additional organization, the user account status will show up in the latter organization as 'Unverified', as seen below.
On the next successful login, the new user will be prompted to accept permissions into the new organization.
After selecting 'Yes', the new user account status will be 'Ok' and they will be granted access to the organization.
Selecting 'No' at this prompt will delete the unverified user from the organization.
(The following section is also present on the SecureX Sign-On Quick Start Guide)
If You Already Have a SecureX Sign-On Account
Enter your username. Your security image is displayed automatically, if you've previously completed a successful sign-in on the web browser you're using. This feature requires browser cookies.
Caution: If you've successfully signed in on the current web browser before and have not cleared cookies, do not enter your password if your security image does not display when you enter your username. If your security image does not appear, close the web browser, and confirm that you're using the correct web address to sign in. Then, open a new web browser window, type the web address in manually, and enter your username. If your security image is still not displayed, please contact your product support team.
- Enter your password.
- Click Sign In. If you see the Sign in failed! error message, your username and password do not match those specified for your profile, or you do not have access permission. Please contact your product support team.
- At the Duo MFA prompt, push a notification to your registered device, and tap approve on it to authenticate.
- Welcome to your SecureX Sign-On dashboard!
If You Do Not Have a SecureX Sign-On Account
- Select Sign Up.
- Complete the form, and click Register.
- Find the Activate Account email from SecureX Sign-On, and click Activate Account.
- Set up MFA by configuring Duo Security. Two-factor authentication (a type of MFA) enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.
- Choose a device and follow the prompts to register the device. For more information, see Duo Guide to MFA and Device Enrollment. If you already have the Duo app on your device, you'll receive an activation code for this account. Duo supports multiple accounts on one device.
- For additional security, we recommend that you register at least two different devices. Click +Add another device and follow the prompts to register another device. For more information, see Duo Guide to MFA and Device Management.
- Once your device is paired with your account, click Finish. Optionally, existing users of Google Authenticator for MFA can add it here as a backup factor by clicking Setup Google Authenticator and following the prompts.
- Choose a "forgot password" question and its answer.
- Add a phone number for resetting your password or unlocking your account using SMS. SecureX Sign-On can send you a text message with a recovery code. This is useful when you don't have access to your email account.
- Choose a security image.
- Click Create my account.
- Welcome to your SecureX Sign-On dashboard!
- On the SecureX Sign-On dashboard, click on the Meraki tile to launch that app, no passwords needed.
- Alternatively if you have SecureX Sign-On enabled for a user on the dashboard and the user has an SecureX Sign-On account , you can navigate to sign-on.security.cisco.com and log in using your credentials, a Meraki app tile will be available on the SecureX Sign-On dashboard (you can also search for it in the Launch App field).