Login Workflow
This is a simplified description of how the IdP account interacts with the CDO user record to log in a CDO user:
Procedure
Step 1 | The user requests access to CDO by logging in to a SAML 2.0-compliant identity provider (IdP) such as Cisco Security Cloud Sign On (https://sign-on.security.cisco.com) for authentication. |
Step 2 | The IdP issues a SAML assertion that the user is authentic, and a portal displays the applications the user can access. One of the tiles represents CDO. |
Step 3 | CDO validates the SAML assertion, extracts the username, and attempts to find a user record among its tenants that corresponds to that username.
Creating a user record in CDO does not create an account in the IdP, and creating an account in the IdP does not create a user record in CDO. Similarly, deleting an account in the IdP does not delete the user record from CDO, although without the IdP account there is no way to authenticate that user to CDO. Deleting the CDO user record does not delete the IdP account, although without the CDO user record an authenticated user has no way to access a CDO tenant. |
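The following is an added illustration of Step 3 and of the note above; it is not Cisco's code and does not show how CDO is implemented. It applies the standard SAML 2.0 checks a service provider performs on a received assertion (issuer, validity window, audience), extracts the NameID as the username, and looks that username up in a constructed tenant table. The assertion XML, the tenant table, the audience URL and the timestamps are all constructed sample data. The example assumes the assertion's XML signature has already been verified by an XML-DSig library before these checks run; a user who passes the IdP but has no CDO user record is shown as authenticated with no tenant access, which is the situation the note describes.

```python
"""Added example (not Cisco's code): SAML assertion checks and CDO-style
user-record lookup.

Assumptions: the assertion's XML signature has ALREADY been verified with an
XML-DSig library before this code runs; the assertion, tenant table, audience
URL and timestamps below are constructed sample data. For untrusted XML in
production, parse with defusedxml instead of the standard library parser.
"""
from datetime import datetime
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (Signature element omitted; see docstring).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://sign-on.security.cisco.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://cdo.example.invalid/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

# Constructed tenant table: tenant name -> usernames that have a CDO user record.
TENANT_USERS = {
    "tenant-alpha": {"alice@example.com", "bob@example.com"},
    "tenant-beta": {"alice@example.com"},
}

EXPECTED_ISSUER = "https://sign-on.security.cisco.com"
EXPECTED_AUDIENCE = "https://cdo.example.invalid/sp"  # assumed SP entity ID


def _parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


SAMPLE_NOW = _parse_ts("2024-05-01T12:01:00Z")  # constructed "current time"


def validate_assertion(xml_text, now, issuer=EXPECTED_ISSUER, audience=EXPECTED_AUDIENCE):
    """Check issuer, validity window and audience; return the NameID or raise ValueError.

    Signature verification is assumed to have happened before this call.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if not (_parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS)]
    if audience not in audiences:
        raise ValueError("assertion not intended for this service provider")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    return name_id


def find_tenants(username, tenant_users=TENANT_USERS):
    """Return the tenants in which a user record exists for this username (may be empty)."""
    return sorted(t for t, users in tenant_users.items() if username in users)


def login(xml_text, now):
    """Step 3: validate the assertion, then resolve the username to tenants.

    An IdP account without a matching CDO user record authenticates but gets
    no tenant access; a failed assertion check is not authenticated at all.
    """
    try:
        username = validate_assertion(xml_text, now)
    except ValueError as exc:
        return {"authenticated": False, "access": False, "error": str(exc)}
    tenants = find_tenants(username)
    return {"username": username, "authenticated": True,
            "tenants": tenants, "access": bool(tenants)}


if __name__ == "__main__":
    print(login(SAMPLE_ASSERTION, SAMPLE_NOW))
    print(login(SAMPLE_ASSERTION.replace("alice@example.com", "carol@example.com"), SAMPLE_NOW))
```

Running the block shows the two outcomes side by side: alice resolves to both constructed tenants, while carol, who exists only at the IdP, is authenticated but has no tenant to access.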