Welcome

With Cisco SecureX sign-on, you can easily access all your Cisco Security products, with one set of credentials, from any device. Once you sign in with your username and password, all your Cisco Security products are displayed as apps in your customizable dashboard.

  • Click an app and you're automatically signed-in, for seamless workflows across your Cisco Security products. You no longer have to remember and juggle multiple passwords.

  • Arrange your apps any way you want. Tabs and a search bar help keep you organized.

  • Integration with Duo's Multi-Factor Authentication (MFA) means adaptive, layered, and simplified authentication. One push notification, one tap, instant access.

What's New

Sign In to Cisco SecureX Using Cisco Secure Sign-On

Starting on June 24, 2020, you'll be able to sign in to Cisco SecureX using your Cisco Secure Sign-On account. Henceforth, Cisco Secure Sign-On will be called Cisco SecureX sign-on.

Sign In to Cisco Secure Sign-On Using Your Microsoft Account

Starting on May 20, 2020, you'll be able to sign in to Cisco Secure Sign-On using your Microsoft account.

  • Who can use this method?

    Customers who use Microsoft Azure as their organization's identity provider (IdP).

  • What do I do to enable this method?

    Depending on the customer’s Microsoft Azure configuration, it works transparently for the organization. Otherwise, once the first user attempts access, an administrator needs to approve it in the Azure portal. For configuration details, go to the Microsoft Docs website and see their Azure documentation on these topics:

    • Assign a user or group to an enterprise app

    • Grant tenant-wide admin consent to an app

    • Configure the admin consent workflow

  • Will this pull user identity attributes from the customer’s Microsoft Azure Active Directory (AD) profile?

    Yes, it will pull first name, last name, display name, title, mobile phone, and organization.

  • Will this pull Azure group information and allow it to be recognized and used by applications secured by Cisco Secure Sign-On?

    No, group assignment and role permissions are handled by each Cisco application individually.

  • Will this change the way I access applications that use Cisco Secure Sign-On?

    No, as long as you use the same username, you remain mapped into the applications just as before; it only changes the way you authenticate.

  • Will I be able to keep and use both accounts?

    Yes and yes.

  • How does this affect Cisco employees with an @cisco.com username?

    Cisco has not enabled Microsoft sign-in for @cisco.com accounts, so if you try to sign in using this method, you'll receive a failure message.

  • What happens if I use the Sign in with Microsoft option, but I don’t have a Cisco Secure Sign-On account?

    This will work transparently for you and allow you to sign in directly, without having to create a separate account.

Sign In to Cisco Secure Sign-On Using Your Cisco.com Account

Starting on May 6, 2020, you'll be able to sign in to Cisco Secure Sign-On using your cisco.com account.

  • How is this different than my Cisco Secure Sign-On account?

    This is your standard cisco.com account (formerly known as CCO), the same account used to access support, download software, and so on.

  • Will this change the way I access applications that use Cisco Secure Sign-On?

    No, as long as you use the same username, you remain mapped into the applications just as before; it only changes the way you authenticate.

  • Will I be able to keep and use both accounts?

    Yes and yes.

  • How does this affect Cisco employees with an @cisco.com username?

    Cisco employees are encouraged to use the Sign in with Cisco.com option, so that we can recognize them as an employee in our metrics and ensure that they receive only one MFA prompt.

  • What happens if I use the Sign in with Cisco.com option, but I don’t have a Cisco Secure Sign-On account?

    This will work transparently for you and allow you to sign in directly, without having to create a separate account.

URL Change

On March 24, 2020, between 5:00 PM and 8:00 PM PDT, the Cisco Secure Sign-On domain will move from security.cisco.com to sign-on.security.cisco.com to accommodate Cisco SecureX. During the change, there may be a few intervals where you will not be able to sign in. Afterward, you'll need to update your bookmark and password manager (such as LastPass, 1Password, or DashLane) to reference the new URL.

How It Works

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). An exchange between the SP and IdP verifies your identity and permissions. This enables you to use a single set of credentials to sign in to your different applications. It's easier to manage a single sign-on (SSO) per user than it is to manage separate ones to each and every application.

  1. The user signs in to the SSO IdP, Cisco SecureX sign-on integrated with Duo's MFA.

  2. There's a trust relationship between the IdP and SP. The IdP can pass a SAML attribute assertion containing trusted information about the user to the SP.

  3. When the user launches the different applications, the SP requests the user authorization and authentication from the IdP. Since SSO to the IdP was successful, the user can now access all the different applications without having to remember and enter more credentials.

Getting Started

Before you begin

For supported products, consult the migration and opt-in guides for product-specific details.

Procedure


Step 1

Go to https://sign-on.security.cisco.com.

Step 2

If you have an account:

  1. Enter your username. Your security image is displayed automatically, if you've previously completed a successful sign-in on the web browser you're using. This feature requires browser cookies.

    Caution 

    If you've successfully signed in on the current web browser before and have not cleared cookies, do not enter your password if your security image does not display when you enter your username. If your security image does not appear, close the web browser, and confirm that you're using the correct web address to sign in. Then, open a new web browser window, type the web address in manually, and enter your username. If your security image is still not displayed, please contact your product support team.

  2. Enter your password.

  3. Click Sign In. If you see the Sign in failed! error message, your username and password do not match those specified for your profile, or you do not have access permission. Please contact your product support team.

  4. At the Duo MFA prompt, push a notification to your registered device, and tap approve on it to authenticate.

  5. Welcome to Cisco Secure Sign-On!

Step 3

If you don't have an account, click Sign up.

Step 4

Complete the form, and click Register.

Step 5

Find the Activate Account email and click Activate Account.

Step 6

Set up MFA by configuring Duo Security. Two-factor authentication (a type of MFA) enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

Step 7

Choose a device and follow the prompts to register the device. For more information, see Duo Guide to MFA and Device Enrollment. If you already have the Duo app on your device, you'll receive an activation code for this account. Duo supports multiple accounts on one device.

Step 8

For additional security, we recommend that you register at least two different devices. Click +Add another device and follow the prompts to register another device. For more information, see Duo Guide to MFA and Device Management.

Step 9

Once your device is paired with your account, click Finish. Optionally, existing users of Google Authenticator for MFA can add it here as a backup factor by clicking Setup Google Authenticator and following the prompts.

Step 10

Choose a "forgot password" question and its answer.

Step 11

Add a phone number for resetting your password or unlocking your account using SMS: useful when you don't have access to your email account and need a text message with a recovery code sent to you.

Step 12

Choose a security image.

Step 13

Click Create my account.

Step 14

Welcome to Cisco Secure Sign-On!


What to do next

  • Click any tile to launch that app, no passwords needed. Or, enter the app's name in the Launch App search field.

  • Drag and drop any tile to change the order in which it is displayed.

  • Click the + in the row of tabs to create a new tab (up to 5).

  • Drag and drop any tile onto another tab to organize the apps.

  • Click a tab's name to view the apps in it.

  • To delete a tab, it must be empty by moving its apps to another tab.

  • To change the name of the current open tab, hover by the name, and click the pencil icon.

Supported Products

Product

Description

Want This Product?

Support

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection (AMP) for Endpoints provides you with global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches. Because you can’t rely on prevention alone, AMP for Endpoints also continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.

Try AMP for Endpoints for free

Opt-in guide

View documentation

Open a support case

Cisco Cloudlock

Cisco Cloudlock is an API-based cloud access security broker (CASB) that helps accelerate use of the cloud safely. By securing your identities, data, and apps, Cloudlock combats account compromises, breaches, and cloud app ecosystem risks. Cloudlock's API-driven approach provides a simple and open way to enable healthy cloud adoption and manage the risks in your cloud app ecosystem. See the Cisco Umbrella + Cloudlock solution brief.

Request a quote

Opt-in guide

View documentation

Email support

Cisco Defense Orchestrator

Cisco Defense Orchestrator (CDO) helps you consistently manage policies across your Cisco security products. It's a cloud-based application that cuts through complexity to save time and keep your organization protected against the latest threats.

Try CDO for free

Migration guide

View documentation

Open a support case

Email support

Cisco Meraki

Cisco Meraki operates the industry’s largest-scale Cloud Networking service. The Cisco Meraki cloud service powers over tens of thousands of networks worldwide and connects millions of devices. The Cisco Meraki Cloud Networking platform is trusted by thousands of IT professionals, from enterprises to hospitals, banks, and retailers.

Try Meraki for free

Opt-in guide

View documentation

Open a support case

Cisco SecureX

Cisco SecureX is a simplified platform experience. Connect Cisco's integrated security portfolio to your existing infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens security across your network, endpoints, cloud, and applications.

Try SecureX for free

Sign-on guide

View documentation

Open a support case

Cisco Stealthwatch Cloud

Cisco Stealthwatch Cloud (SWC) improves security and incident response across the distributed network, from the office to the public cloud. Detect threats in real-time. Reduce false positives. Gain actionable security intelligence to make your security team more efficient.

Try SWC for free

Migration guide

View documentation

Open a support case

Email support

Cisco Umbrella

Cisco Umbrella helps secure access to the internet and control cloud app usage across your network, branch offices, and roaming users. It's a cloud security platform that deploys easily in minutes and delivers deep inspection and control to support compliance and block threats.

Try Umbrella for free

Opt-in guide

View documentation

Open a support case

Frequently Asked Questions

Currently, I'm using OneLogin. What do I need to do to migrate to Cisco SecureX sign-on?

Go to the Cisco SecureX Sign-On page, and click Create a SecureX Sign-On to start the self-enrollment process.

How long is the account activation email valid?

Your account activation email is valid for 7 days from when it was sent.

How do I change my security image?

To change your security image, sign in, click your username in the top menu, and select Settings. In the Security Image section, click Edit. Select a new security image and click Save.

How do I change my account password?

To change your account password, sign in, click your username in the top menu, and select Settings. In the Change Password section, click Edit. Enter your current password, your new password, click Change Password, and click Save.

How do I change my Forgotten Password question?

To change your Forgotten Password question, sign in, click your username in the top menu, and select Settings. In the Forgotten Password question section, click Edit. Choose a new question, enter your answer, and click Save.

Currently, I'm using Google Authenticator for my MFA. Will my ID get migrated?

No, your Google Authenticator MFA will not get migrated. All Cisco SecureX sign-on accounts are required to use Duo’s MFA, as it allows calls and texts to hardware and software solutions. If you want to keep using Google Authenticator, you’ll be able to add it as a backup factor for your account. During account activation, set up MFA with Duo (primary). Then, set up your additional MFA with Google Authenticator (backup).

Can I use my organization’s Duo policies and settings for my Duo MFA?

Not yet. We'll be adding a “bring your own" feature which allows you to point your Duo MFA at your organization's Duo policies and settings.

What do I do if I've forgotten my username or password?

If you cannot remember your username or password and need to reset it, click Need help signing in? and Forgot Password? on the Cisco SecureX Sign-On page. We recommend that you enter the mobile phone number you added to your account settings, and click Reset via SMS. Alternatively, enter your email or username and click Reset via Email. Look for the SMS message or email and follow the prompts. If these options are not available to you, please contact your product support team.

Is my password secure?

Yes, we provide rigorous security measures and controls to protect your information. These controls are audited and attested to in our SOC2 report.

Where and how is my username and password stored?

Just as we use strong encryption to secure your data, we use strong (256-bit AES) encryption for your username and password credentials as well.

What do I do if I have lost a phone that I was using to verify my identify with Duo?

If you have lost your phone, and can still sign in with your username and password, click Settings on the Duo verification page. Select Add a new device and follow the prompts to register your new phone. For more information, see Duo Guide to Adding a New Device.

Why do I have to input my password for some apps and not others?

With Cisco SecureX sign-on, you can access your apps through a single, unified dashboard. Access to these apps is delivered through single sign-on (SSO) technology using Security Assertion Markup Language (SAML). With SAML, Cisco SecureX sign-on automatically passes access on through a token, so you don’t need to manually make a change when the app requires an update.

How do I change my username and password for an existing app?

To change your existing password, hover your mouse pointer over the app's tile. On the upper-right corner of the tile, there's a gear icon. Click the gear icon to open the settings, and provide your current username and password to verify your identity. Once verified, you'll be able to enter a new password.

Can my administrator see my sign-in information?

Your administrator can see your username, but they do not have access to your password.

What do I do if I'm locked out of my account?

If your account is locked, click Need help signing in? and Unlock Account on the Cisco SecureX Sign-On page. If these options are not available to you, please contact your product support team.

Why don't I see the security image sometimes?

The security image is a cookie that's set when you sign in. If the cookies in your browser have been cleared, you may not see the security image until the next time you sign in.

Why does my session expire but some of the apps are still open?

Although you may be logged out of your Cisco SecureX sign-on session, Cisco SecureX sign-on does not log you out of your apps.

What happens if Cisco SecureX sign-on goes down?

Cisco SecureX sign-on is built on an “Always-On” architecture. If the service was to go down, you would not be able to sign in and access your apps using single sign-on. However, you may still be able to access some apps through their direct link. If you cannot access Cisco SecureX sign-on and want to find out whether it's because of a service outage, please contact your product support team.

How do I delete an existing Cisco SecureX sign-on account?

Although product administrators can delete accounts to remove access to their individual product apps, you must contact Cisco TAC through your product support to have the Cisco SecureX sign-on engineering team delete the account for you.