Welcome

With Cisco Secure Sign-On, you can easily access all your Cisco security products, from any device. Once you sign in with your username and one password, your Cisco Secure Sign-On home page displays all your Cisco security products as apps in one customizable dashboard.

  • Click an app and you're automatically signed-in for seamless workflows across your Cisco security products. You no longer have to remember and juggle multiple passwords.

  • Arrange your apps any way you want. Tabs and a search bar help keep you organized.

  • Duo's Multi-Factor Authentication (MFA) integrated with Cisco Secure Sign-On means adaptive, layered, and simplified authentication. One push notification, one tap, instant access.

How It Works

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). An exchange between the SP and IdP verifies your identity and permissions. This enables you to use a single set of credentials to sign in to your different applications. It's easier to manage a single sign-on (SSO) per user than it is to manage separate ones to each and every application.

  1. The user signs in to the SSO IdP, Cisco Secure Sign-On integrated with Duo's MFA.

  2. There's a trust relationship between the IdP and SP. The IdP can pass a SAML attribute assertion containing trusted information about the user to the SP.

  3. When the user launches the different applications, the SP requests the user authorization and authentication from the IdP. Since SSO to the IdP was successful, the user can now access all the different applications without having to remember and enter more credentials.

Getting Started

Before you begin

For supported products, consult the migration and opt-in guides for product-specific details.

Procedure


Step 1

Go to Cisco Secure Sign-On at security.cisco.com.

Step 2

If you have an account:

  1. Enter your username. Your security image is displayed automatically, if you've previously completed a successful sign-in on the web browser you're using. This feature requires browser cookies.

    Caution 

    If you've successfully signed in on the current web browser before and have not cleared cookies, do not enter your password if your security image does not display when you enter your username. If your security image does not appear, close the web browser, and confirm that you're using the correct web address to sign in. Then, open a new web browser window, type the web address in manually, and enter your username. If your security image is still not displayed, please contact your product support team.

  2. Enter your password.

  3. Click Sign In. If you see the Sign in failed! error message, your username and password do not match those specified for your profile, or you do not have access permission. Please contact your product support team.

  4. At the Duo MFA prompt, push a notification to your registered device, and tap approve on it to authenticate.

  5. Welcome to your Cisco Secure Sign-On dashboard!

Step 3

If you don't have an account, click Sign up.

Step 4

Complete the form, and click Register.

Step 5

Find the Activate Account email from Cisco Secure Sign-On, and click Activate Account.

Step 6

Set up MFA by configuring Duo Security. Two-factor authentication (a type of MFA) enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

Step 7

Choose a device and follow the prompts to register the device. For more information, see Duo Guide to MFA and Device Enrollment. If you already have the Duo app on your device, you'll receive an activation code for this account. Duo supports multiple accounts on one device.

Step 8

For additional security, we recommend that you register at least two different devices. Click +Add another device and follow the prompts to register another device. For more information, see Duo Guide to MFA and Device Management.

Step 9

Once your device is paired with your account, click Finish. Optionally, existing users of Google Authenticator for MFA can add it here as a backup factor by clicking Setup Google Authenticator and following the prompts.

Step 10

Choose a "forgot password" question and its answer.

Step 11

Add a phone number for resetting your password or unlocking your account using SMS. Cisco Secure Sign-On can send you a text message with a recovery code. This is useful when you don't have access to your email account.

Step 12

Choose a security image.

Step 13

Click Create my account.

Step 14

Welcome to your Cisco Secure Sign-On dashboard!


What to do next

  • On the dashboard, click any tile to launch that app, no passwords needed. Or, enter the app's name in the Launch App search field.

  • Drag and drop any tile to change the order in which it is displayed.

  • Click the + in the row of tabs to create a new tab (up to 5).

  • Drag and drop any tile onto another tab to organize the apps.

  • Click a tab's name to view the apps in it.

  • To delete a tab, it must be empty by moving its apps to another tab.

  • To change the name of the current open tab, hover by the name, and click the pencil icon.

Supported Products

Product

Description

Want This Product?

Support

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection (AMP) for Endpoints provides you with global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches. Because you can’t rely on prevention alone, AMP for Endpoints also continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.

Try AMP for Endpoints for free

Opt-in guide

View documentation

Open a support case

Cisco Defense Orchestrator

Cisco Defense Orchestrator (CDO) helps you consistently manage policies across your Cisco security products. It's a cloud-based application that cuts through complexity to save time and keep your organization protected against the latest threats.

Try CDO for free

Migration guide

View documentation

Open a support case

Email support

Cisco Stealthwatch Cloud

Cisco Stealthwatch Cloud (SWC) improves security and incident response across the distributed network, from the office to the public cloud. Detect threats in real-time. Reduce false positives. Gain actionable security intelligence to make your security team more efficient.

Try SWC for free

Migration guide

View documentation

Open a support case

Email support

Cisco Umbrella

Cisco Umbrella helps secure access to the internet and control cloud app usage across your network, branch offices, and roaming users. It's a cloud security platform that deploys easily in minutes and delivers deep inspection and control to support compliance and block threats.

Try Umbrella for free

Opt-in guide

View documentation

Open a support case

Email support

Frequently Asked Questions

Currently, I'm using OneLogin. What do I need to do to migrate to Cisco Secure Sign-On?

Go to the Cisco Secure Sign-On page, and next to Don’t have an account? click Sign up to start the self-enrollment process.

How long is the account activation email valid?

Your Cisco Secure Sign-On account activation email is valid for 7 days from when it was sent.

How do I change my security image?

To change your security image, sign-in to Cisco Secure Sign-On. Click your username in the top menu, and select Settings. In the Security Image section, click Edit. Select a new security image and click Save.

How do I change my account password?

To change your account password, sign-in to Cisco Secure Sign-On. Click your username in the top menu, and select Settings. In the Change Password section, click Edit. Enter your current password, your new password, click Change Password, and click Save.

How do I change my Forgotten Password question?

To change your Forgotten Password question, sign-in to Cisco Secure Sign-On. Click your username in the top menu, and select Settings. In the Forgotten Password question section, click Edit. Choose a new question, enter your answer, and click Save.

Currently, I'm using Google Authenticator for my MFA. Will my ID get migrated?

No, your Google Authenticator MFA will not get migrated. All Cisco Secure Sign-On accounts are required to use Duo’s MFA, as it allows calls and texts to hardware and software solutions. If you want to keep using Google Authenticator, you’ll be able to add it as a backup factor for your account. During account activation, set up MFA with Duo (primary). Then, set up your additional MFA with Google Authenticator (backup).

Can I use my organization’s Duo policies and settings for my Duo MFA?

Not yet. We'll be adding a “bring your own" feature which allows you to point your Duo MFA at your organization's Duo policies and settings.

What do I do if I've forgotten my username or password?

If you cannot remember your username or password and need to reset it, click Need help signing in? and Forgot Password? on the Cisco Secure Sign-On sign-in page. We recommend that you enter the mobile phone number you added to your account settings, and click Reset via SMS. Alternatively, enter your email or username and click Reset via Email. Look for the SMS message or email and follow the prompts. If these options are not available to you, please contact your product support team.

Is my password secure?

Yes, Cisco Secure Sign-On provides rigorous security measures and controls to protect your information. These controls are audited and attested to in our SOC2 report.

Where and how is my username and password stored?

Just as we use strong encryption to secure your data, we use strong (256-bit AES) encryption for your username and password credentials as well.

Why do I have to input my password for some apps and not others?

With Cisco Secure Sign-On you can access your apps through a single, unified dashboard. Access to these apps is delivered through single sign-on (SSO) technology using Security Assertion Markup Language (SAML). With SAML, Cisco Secure Sign-On automatically passes access on through a token, so you don’t need to manually make a change when the app requires an update.

How do I change my username and password for an existing app?

To change your existing password, hover your mouse pointer over the app's tile. On the upper-right corner of the tile, there's a gear icon. Click the gear to open the settings, and provide your current username and password to verify your identity. Once verified, you'll be able to put in a new password.

Can my administrator see my sign-in information?

Your administrator can see your username, but they do not have access to your password.

What do I do if I'm locked out of my account?

If your account is locked, click Need help signing in? and Unlock Account on the Cisco Secure Sign-On sign-in page. If these options are not available to you, please contact your product support team.

Why don't I see the security image sometimes?

The security image is a cookie that's set when you sign in. If the cookies in your browser have been cleared, you may not see the security image until the next time you sign in.

Why does my session expire but some of the apps are still open?

Although you may be logged out of your Cisco Secure Sign-On session, Cisco Secure Sign-On does not log you out of your apps.

What happens if Cisco Secure Sign-On goes down?

Cisco Secure Sign-On is built on an “Always-On” architecture. If the service was to go down, you would not be able to sign in and access your apps using single sign-on. However, you may still be able to access some apps through their direct link. If you cannot access Cisco Secure Sign-On and want to find out whether it's because of a service outage, please contact your product support team.