HomeDocumentation and Guides

Authentication and API

The Authentication and API tab is where you can configure your environment to enable you to sign in with a SAML (Security Assertion Markup Language) SSO (Single sign-on) or Cisco SecureX Sign-On and to set up access to Cloudlock's APIs for use with a third party SIEM (Security Information and Event Management).

Note: Only one SSO provider can be enabled at a time.

Table of Contents

Enable Cisco SecureX Sign-On

Note You must be signed in to Cloudlock as a Full Admin to enable or disable SSO.

  1. Create a Cisco SecureX Sign-On account at https://sign-on.security.cisco.com. For more information about creating an account, see Cisco SecureX Sign-On Quick Start Guide.


The email address used for Cisco SecureX Sign-On must match the email address of your Cloudlock account.

If you already have a Cisco SSO account, you must ensure that the email address used for your Cisco SSO account is also associated with a user in Cloudlock. You can add a new user under Settings > Manage Users.

All users that use Cisco SSO must also be users in Cloudlock.

  1. Navigate to Settings > Authentication and API.
  2. Toggle the button next to "Log in to Cloudlock with Cisco SecureX Sign-On (SSO").
  1. Click Enable to enable Cisco SSO.

You can now login with Cisco SecureX Sign-On. The existing login mechanism is also usable.

Test Cisco SecureX Sign-On Configuration

  1. Log-out of Cloudlock and go to https://login.cloudlock.com.
  2. Choose Cisco SecureX Sign-On and click Login. You are redirected to Cisco SecureX Sign-On.
  3. Fill in your Cisco Sign-On credentials and click Login. You are prompted to log in with the multifactor authenticator you set up for Cisco SecureX Sign-On.


  1. Enable Log in to Cisco Cloudlock with SAML SSO which opens the SSO configuration panel.
  2. Enter the metadata and URL provided by your SAML platform.
  3. You have the option to require this SSO for all users or all users except superadmins.
  4. Click Submit to save the settings.

<a name=token">

Generate an API Token

Click the Generate button to generate a Cloudlock API token for authenticating your SIEM. If a token has previously been generated the button will read Recycle.


Trust an IP

To add a single address to the trusted IP list, enter the IP address. To add a range of contiguous IP addresses, enter a value in the Range field. Addresses are specified in CIDR (Classless Inter-Domain Routing) notation.