Secure Access Migration Single Sign On Authentication Configuration with Cisco Cloud Sign-On

Available Languages

Download Options

  • PDF     (4.4 KB)
    View with Adobe Reader on a variety of devices
Updated:April 6, 2026
Document ID:225918

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

During the migration from Umbrella to Secure Cloud Control, administrative Single Sign-On (SSO) behavior changed unexpectedly. Instead of using the previously configured Microsoft Entra ID for authentication and MFA, administrators were required to authenticate using Cisco Cloud sign-on with DUO. This resulted in administrators being prompted to set new passwords and enroll in DUO for multi-factor authentication.

Environment

  • Technology: Secure Access (formerly Umbrella)
  • Migration: Umbrella to Secure Cloud Control
  • Authentication: Microsoft Entra ID (Azure AD) configured as Identity Provider
  • Multi-Factor Authentication: Microsoft 365 MFA previously configured
  • New Authentication Method: Cisco Cloud sign-on with DUO

Resolution

The authentication migration from Microsoft Entra ID to Cisco Cloud sign-on is a mandatory step that occurs during the Secure Access migration process. The following steps should be followed to properly configure SAML UI authentication:

Step 1: Complete the Secure Access Migration

Complete the full Secure Access migration before attempting to configure SAML UI authentication in Secure Access. This ensures all components are properly migrated and ready for authentication configuration.

Step 2: Configure SAML Authentication via Security Cloud Control

SAML UI authentication configuration is now managed through the Security Cloud Control (SCC) interface rather than directly within Secure Access. Navigate to Security Cloud Control > Authentication Settings to access the identity provider configuration options.

Step 3: Review Identity Provider Configuration

Review and validate the identity provider configuration in the Security Cloud Control page. Ensure that the Microsoft Entra ID integration is properly configured for the new environment.

Cause

The authentication behavior change is part of the mandatory migration process from Umbrella to Secure Access. During this migration, the SAML authentication automatically transitions from Microsoft Entra ID to Cisco Cloud sign-on, which requires DUO for multi-factor authentication. This is a required architectural change in the new Secure Access platform where authentication settings are managed centrally through Security Cloud Control rather than within the individual product interfaces.

Related Content

Revision History

Revision Publish Date Comments
1.0
14-May-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • TAC

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products