Access Cisco Global Launchpad

Access Hosted Cisco Global Launchpad

You can access Cisco Global Launchpad with Cisco DNA Portal.

If you are new to Cisco DNA Portal, you must create a Cisco account and a Cisco DNA Portal account. Then you can log in to Cisco DNA Portal to access Cisco Global Launchpad.

If you are familiar with Cisco DNA Portal and have a Cisco account and a Cisco DNA Portal account, you can directly log in to Cisco DNA Portal to access Cisco Global Launchpad.

Log In to the Cisco DNA Portal with Cisco

To access Cisco Global Launchpad through the Cisco DNA Portal, you must log in to the Cisco DNA Portal.

Procedure

Step 1

In your browser, enter:

dna.cisco.com/valaunchpad

The Cisco DNA Portal login window is displayed.

Step 2

Perform one of these actions:

  1. If you have a Cisco account, click Log In With Cisco.

  2. If you do not have a Cisco account, click Create a new account. In the window that appears, enter the information for your account and click Continue. For more information, see Creating a Cisco account.

Step 3

Enter your Cisco account email in the Email field, and click Next.

Step 4

Enter your Cisco account password in the Password field, and click Log in.

The VA Launchpad page appears.

Log In to Cisco Global Launchpad

The Cisco Global Launchpad supports the following authentication methods:

  • Log In Using IAM: This method uses the credentials from your Cisco account.

  • Log In Using Federated Identity: Federated access ensures that an identity provider (IdP), such as your organization, is responsible for user authentication and sending information to Cisco Global Launchpad to help determine the scope of resource access to be granted after login. For the first-time login, the user will have an admin user role, which creates the CiscoDNACenter role. The admin can assign this role to subsequent users. The CiscoDNACenter role has the same permissions as the CiscoDNACenter user group. For details about the permissions granted by this role, see the Cisco DNA Center on AWS Deployment Guide.

    You can use the saml2aws CLI or the AWS CLI to generate tokens to log in to Cisco Global Launchpad as a federated user. For information, see the following topics:


Note

Cisco Global Launchpad does not store your AWS credentials.

Log In Using IAM

This procedure shows you how to log in to Cisco Global Launchpad using identity and access management (IAM). If your company uses MFA, you can choose to log in using this method.


Note

Do not open the application in more than one browser tab, in multiple browser windows, or in multiple browser applications at the same time.

Before you begin

Make sure the following requirements are met:

  • Your AWS account has the administrator access permission assigned to it.

  • Cisco Global Launchpad is installed or you have access to the hosted Cisco Global Launchpad.

  • You have your AWS Access Key ID and Secret Access Key on hand.

  • If your company uses multifactor authentication (MFA), MFA needs to be set up in AWS before you log in. For information, see the Enabling a virtual multi-factor authentication (MFA) device (console) topic in the AWS documentation.

Procedure

Step 1

From a browser window, do one of the following:

  • If you installed Cisco Global Launchpad locally, enter the Cisco Global Launchpad URL in the following format:

    http://<localhost>:<client-port-number>/valaunchpad

    For example:

    http://192.0.2.1:90/valaunchpad

  • If you are accessing the hosted Cisco Global Launchpad, enter dna.cisco.com and follow the on-screen prompts to log in. (For information, see Log In to the Cisco DNA Portal with Cisco.)

    From the Cisco DNA Portal home page, click the menu icon and choose VA Launchpad.

The AWS login window is displayed.

Step 2

Under the AWS logo, click the IAM Login radio button.

Step 3

Enter your credentials in the fields.

For information about how to get an Access Key ID and Secret Access Key, see the AWS Managing access keys topic in the AWS Identity and Access Management User Guide on the AWS website.

Step 4

(Optional) If your company uses MFA, click the Use MFA authentication check box.

Step 5

Click Authenticate.

If you are logging in with MFA, choose your MFA device from the drop-down list and enter your MFA passcode.

After logging in successfully, the Login Status screen is displayed. This page displays the statuses of various operations that the system performs when you log in. Then the Dashboard pane is displayed and the us-east-1 region is selected by default.

Step 6

If you're prompted to update the region version, follow the prompts to complete the update. For more information, see Update a Region.

Step 7

If you encounter any login errors, you need to resolve them and log in again.

Log In Using Federated Identity

This procedure shows you how to log in to Cisco Global Launchpad using a federated identity.


Note

Do not open the application in more than one browser tab, in multiple browser windows, or in multiple browser applications at the same time.

Before you begin

Make sure the following requirements are met:

Procedure

Step 1

From a browser window, do one of the following:

  • If you installed Cisco Global Launchpad locally, enter the Cisco Global Launchpad URL in the following format:

    http://<localhost>:<client-port-number>/valaunchpad

    For example:

    http://192.0.2.1:90/valaunchpad

  • If you are accessing the hosted Cisco Global Launchpad, enter dna.cisco.com and follow the on-screen prompts to log in.

    From the Cisco DNA Portal home page, click the menu icon and choose VA Launchpad .

The AWS login window is displayed.

Step 2

Under the AWS logo, click the Federated Login radio button.

Step 3

Enter your credentials in the fields.

For more information, see Generate Federated User Credentials Using saml2aws or Generate Federated User Credential Using AWS CLI.

Step 4

Click Authenticate.

After you log in successfully, the Login Status screen is displayed. This page displays the statuses of various operations that the system performs when you log in. Then the Dashboard pane is displayed and the us-east-1 region is selected by default.

Step 5

If you're prompted to update the region version, follow the prompts to complete the update. For more information, see Update a Region.

Step 6

If you encounter any login errors, you need to resolve them and log in again. For more information, see the Cisco DNA Center 2.3.5 on AWS Deployment Guide.

Generate Federated User Credentials Using saml2aws

You can generate temporary AWS credentials using a Command Line Interface (CLI) tool and use the generated credentials to log in to Cisco Global Launchpad.

Procedure

Step 1

From the CLI, install saml2aws. For information, see the detailed instructions on Github.

Step 2

Verify the installation by entering saml2aws.

If the installation is successful, the following output is displayed:

Step 3

Configure your account.

  1. Enter saml2aws configure.

  2. At the Please choose a provider prompt, use the up- or down-arrow keys to choose a provider or enter the provider name. When done, press Enter.

  3. At the AWS Profile prompt, press Enter to use the default AWS profile.

  4. At the URL prompt, enter the URL of your identity provider (IdP) and press Enter.

    Note

     

    You can get this information from your IdP.

  5. At the prompts, enter your username and password and press Enter.

Step 4

Generate your federated credentials.

  1. Enter saml2aws login.

  2. At the prompts, enter your username and password.

  3. At the prompt, select either the Admin or CiscoDNACenter role and press Enter.

    Note

     

    Ensure that the tokens created for these roles have a minimum expiry of 180 minutes (3 hours).

Your credentials are generated and stored in ~/aws/credentials.

Step 5

Download the credentials by entering saml2aws script.

Step 6

Note the values of the following parameters as you will use them to log in to Cisco Global Launchpad as a federated user:

  • AWS_ACCESS_KEY_ID

  • AWS_SECRET_ACCESS_KEY

  • AWS_SESSION_TOKEN

Step 7

On the Cisco Global Launchpad login window, select Federated Login and enter the generated credentials in the corresponding fields.

Generate Federated User Credential Using AWS CLI

You can generate temporary AWS credentials using the AWS Command Line Interface (CLI) and use these credentials to log in to Cisco Global Launchpad.

Procedure

Step 1

In a browser window, navigate to the AWS Single Sign On (SSO)/Active Directory (AD) window.

Step 2

In the AWS Single Sign On (SSO)/Active Directory (AD) window, click the AWS Console link.

The following window is displayed.

Step 3

Right-click anywhere in the window, and from the drop-down menu, choose Inspect Element or Inspect (depending on the browser).

Note

 

You can also press the F12 key to open the Developer Tools panel.

The Developer Tools panel is displayed, similar to the following window.

Step 4

In the Developer Tools panel, click the Network tab and check the Preserve Log check box. (This option can be found on the tool panel, right beside the Magnifying Glass icon.)

Step 5

In the AWS Console, click Sign In.

Step 6

In the Developer Tools panel, filter the required API calls by entering saml in the Filter field.

Step 7

Click the API request named saml.

Step 8

Click the Payload tab.

The saml API response is displayed under the Form Data tab.

Step 9

Copy the value of the SAML response.

Note

 

Be sure to copy the entire value, but do not copy the SAMLResponse field name.

Step 10

Navigate to your AWS Console, choose IAM > Access Management > Identity Providers, and select your IdP.

Step 11

Obtain the following details for your IdP:

  • Role assigned to the IdP

  • Amazon Resource Name (ARN) of the IdP

Step 12

From the AWS CLI, enter the following command:

aws sts assume-role-with-saml --role-arn <Role-Arn> --principal-arn <IDP-Arn> --saml-assertion <SAML response>

The variables in this command refer to the values obtained earlier, as follows:

  • <Role-Arn>: Role assigned to the IdP, obtained in Step 11.

  • <IDP-Arn>: Amazon Resource Name (ARN) of the IdP, obtained in Step 11.

  • <SAML response>: Value of the SAML response, obtained in Step 9.

For example:

Output similar to the following output is displayed:

{
"Credentials": {
"AccessKeyId": "xxxx",
"SecretAccessKey": "xxxxx",
"SessionToken": "xxxxxxxxx,
"Expiration": "2023-03-10T18:07:15+00:00"
},
"AssumedRoleUser": {
"AssumedRoleId": "xxx:user@sso.com",
"Arn":"arn:aws:sts::059356109852:assumed-role/ADFS-AWS-ADMIN/user@sso.com"
},
"Subject": "SSO\\USER",
"SubjectType": "transient",
"Issuer": "http://EC2AMAZ-MH1F3CD.sso.com/adfs/services/trust",
"Audience": "https://signin.aws.amazon.com/saml",
"NameQualifier": "POIUYTRFVNMKJGFKJHJJHJcYLQCePSAZg="
}

Step 13

Note the values of the following generated credentials:

  • AccessKeyId

  • SecretAccessKey

  • SessionToken

Step 14

On the Cisco Global Launchpad login window, select Federated Login and enter the generated credentials from Step 13 in the corresponding fields.

Log Out

Depending on how you accessed your Cisco Global Launchpad account, you either need to log out of only Cisco Global Launchpad or both Cisco Global Launchpad and Cisco DNA Portal.

Procedure

Step 1

To log out of Cisco Global Launchpad, do the following:

  1. In the left navigation pane, click Log out.

  2. In the Confirmation dialog box, click Log Out.

Step 2

(Optional) If you accessed Cisco Global Launchpad through Cisco DNA Portal, you must also log out of Cisco DNA Portal. Do the following:

  1. In the upper-right corner of the Cisco DNA Portal GUI, click your displayed username.

  2. Click Log Out.