HomeDocumentation and Guides

Authentication and API

The Authentication and API tab is where you can configure your environment to enable you to sign in with a SAML (Security Assertion Markup Language) SSO (Single sign-on) or Cisco Security Cloud Sign On and to set up access to Cloudlock's APIs for use with a third party SIEM (Security Information and Event Management).

Note: Only one SSO provider can be enabled at a time.

Table of Contents

Enable Cisco Security Cloud Sign On

Note You must be signed in to Cloudlock as a Full Admin to enable or disable SSO.

  1. Create a Cisco Security Cloud Sign On account at https://sign-on.security.cisco.com/ For more information about creating an account, see Cisco Security Cloud Sign On Quick Start Guide.


The email address used for Cisco Security Cloud Sign On must match the email address of your Cloudlock account.

If you already have a Cisco SSO account, you must ensure that the email address used for your Cisco SSO account is also associated with a user in Cloudlock. You can add a new user under Settings > Manage Users.

All users that use Cisco SSO must also be users in Cloudlock.

  1. Navigate to Settings > Authentication and API.
  2. Toggle the button next to Log in to Cloudlock with Cisco Security Cloud Sign-On (SSO).
  1. Click Enable to enable Cisco SSO.

You can now login with Cisco Security Cloud Sign-On. The existing login mechanism is also usable.

Test Cisco Security Cloud Sign On Configuration

  1. Log-out of Cloudlock and go to https://login.cloudlock.com/.
  2. Choose Cisco Security Cloud Sign On and click Login. You are redirected to Cisco Security Cloud Sign On.
  3. Fill in your Cisco Sign-On credentials and click Login. You are prompted to log in with the multifactor authenticator you set up for Cisco Security Cloud Sign On.


  1. Enable Log in to Cisco Cloudlock with SAML SSO which opens the SSO configuration panel.
  2. Enter the metadata and URL provided by your SAML platform.
  3. You have the option to require this SSO for all users or all users except superadmins.
  4. Click Submit to save the settings.

Generate an API Token

Click the Generate button to generate a Cloudlock API token for authenticating your SIEM. If a token has previously been generated the button will read Recycle.


Trust an IP

To add a single address to the trusted IP list, enter the IP address. To add a range of contiguous IP addresses, enter a value in the Range field. Addresses are specified in CIDR (Classless Inter-Domain Routing) notation.