The Authentication and API tab is where you configure sign-in with SAML (Security Assertion Markup Language) SSO (single sign-on) or Cisco SecureX Sign-On, and where you set up access to Cloudlock's APIs for use with a third-party SIEM (Security Information and Event Management).
Note: Only one SSO provider can be enabled at a time.
- Enable Cisco SecureX Sign-On
- Enable SAML SSO
- Generate an API Token
- Trust an IP
Note: You must be signed in to Cloudlock as a Full Admin to enable or disable SSO.
The email address used for Cisco SecureX Sign-On must match the email address of your Cloudlock account.
If you already have a Cisco SSO account, you must ensure that the email address used for your Cisco SSO account is also associated with a user in Cloudlock. You can add a new user under Settings > Manage Users.
All users that use Cisco SSO must also be users in Cloudlock.
- Navigate to Settings > Authentication and API.
- Toggle the button next to "Log in to Cloudlock with Cisco SecureX Sign-On (SSO)".
- Click Enable to enable Cisco SSO.
You can now log in with Cisco SecureX Sign-On. The existing login mechanism is also usable.
- Log out of Cloudlock and go to https://login.cloudlock.com.
- Choose Cisco SecureX Sign-On and click Login. You are redirected to Cisco SecureX Sign-On.
- Fill in your Cisco Sign-On credentials and click Login. You are prompted to log in with the multifactor authenticator you set up for Cisco SecureX Sign-On.
- Enable "Log in to Cisco Cloudlock with SAML SSO", which opens the SSO configuration panel.
- Enter the metadata and URL provided by your SAML platform.
- You have the option to require this SSO for all users or all users except superadmins.
- Click Submit to save the settings.
Click the Generate button to generate a Cloudlock API token for authenticating your SIEM. If a token has previously been generated, the button will read Recycle.
To add a single address to the trusted IP list, enter the IP address. To add a range of contiguous IP addresses, enter a value in the Range field. Addresses are specified in CIDR (Classless Inter-Domain Routing) notation.
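The following is an added example, not part of the Cloudlock documentation or product: a local pre-check that shows what a proposed single address or CIDR range really covers before you enter it in the trusted IP list. The function names, the /24 review threshold and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Assumption: IPv4 ranges wider than /24 get flagged for a second look.
# This is a local review policy, not a limit documented by Cloudlock.
WIDEST_V4_PREFIX = 24
# Private, loopback and link-local space never appears as an Internet source.
NON_ROUTABLE_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def review_entry(text):
    """Return (kind, normalized, warnings) for one proposed entry."""
    text, warnings = text.strip(), []
    try:
        net = ipaddress.ip_network(text, strict=True)
    except ValueError:
        try:
            # Host bits set (e.g. 203.0.113.7/24): show the real range.
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            return ("invalid", None, ["not an IP address or CIDR range"])
        warnings.append(f"host bits set; the range is {net}")
    single = net.num_addresses == 1
    if net.version == 4:
        if net.prefixlen < WIDEST_V4_PREFIX:
            warnings.append(f"covers {net.num_addresses} addresses")
        if any(net.overlaps(n) for n in NON_ROUTABLE_V4):
            warnings.append("private, loopback or link-local space")
    normalized = str(net.network_address) if single else str(net)
    return ("single" if single else "range", normalized, warnings)

def covered_entries(entries):
    """Return (narrow, wide) pairs where one entry already contains another."""
    nets = []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            continue  # reported by review_entry instead
    return [(str(a), str(b)) for a in nets for b in nets
            if a != b and a.version == b.version and a.subnet_of(b)]

if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    proposed = ["203.0.113.7", "198.51.100.0/24", "203.0.113.7/24",
                "10.1.2.0/24", "0.0.0.0/0", "not-an-ip"]
    for item in proposed:
        print(item, "->", review_entry(item))
    print("already covered:", covered_entries(proposed))
```

An entry with warnings is worth a second look before it is trusted; a pair from `covered_entries` means the narrower entry adds nothing to the list.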