Relationship Between the Identity Provider Accounts and Security Cloud Control Firewall Management User Records

To log in to Security Cloud Control Firewall Management, a customer needs an account with a SAML 2.0-compliant identity provider (IdP), a multi-factor authentication provider, and a user record in Security Cloud Control Firewall Management. The IdP account contains the user's credentials and the IdP authenticates the user based on those credentials. Multi-factor authentication provides an added layer of identity security. The Security Cloud Control Firewall Management user record primarily contains the username, the Security Cloud Control Firewall Management tenant with which they are associated, and the user's role. When a user logs in, Security Cloud Control Firewall Management tries to map the IdP's user ID to an existing user record on a tenant in Security Cloud Control Firewall Management. When Security Cloud Control Firewall Management finds a match, the user is logged in to that tenant.

Unless your enterprise has its own single sign-on identity provider, your identity provider is Cisco Security Cloud Sign On. Cisco Security Cloud Sign On uses Duo for multi-factor authentication. Customers can integrate their own IdP with Security Cloud Control Firewall Management if they choose.