Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 48 Managing Users
Configuring Single Sign-on from Cisco Security Manager
to modify the policies applied to the FirePOWER module of the device. You can select the managing
Defense Center in CSM and launch it in a web browser. If the managing Defense Center is a member of
a high availability pair, using SSO navigates you to the primary peer.
If you have access based on your user role, the system navigates you to the Device tab of the Device
Management page for the device you cross-launched from in CSM. Otherwise, the system navigates you
to the Summary Dashboard page (Overview > Dashboards), except for user accounts with no dashboard
access, which use the Welcome page.
Before you can SSO to a Defense Center, you must set up a one-way, encrypted authentication path from
CSM to the Defense Center. In NAT environments, the Defense Center and CSM must reside on the same
side of the NAT boundary. To enable communications, you must provide the following criteria for CSM
and the Defense Center to recognize each other:
• From CSM, you must generate an SSO shared encryption key that identifies the connection. You
  must enter this key on the Defense Center.
• On the Defense Center, you provide the CSM server hostname or IP address, along with the server
  port. If you are using high availability, configure SSO on the primary peer.
• To validate the encrypted authentication parameters, you must set up the same usernames (case
  insensitive) on CSM and the Defense Center for all users who should have SSO access.
The system disables SSO when STIG compliance is enabled for the Defense Center. See
for more information.
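The username requirement above can be checked before SSO is enabled. The following Python script is an added example, not part of the Cisco guide: it compares account names case-insensitively and reports which intended SSO users are ready, which are missing on one side, and which names match on both systems without being on the intended list. It assumes the account names have been exported from CSM and the Defense Center into plain lists; the function name, list names and sample accounts are hypothetical and constructed.

```python
# Added example: pre-flight audit of username parity for CSM-to-Defense Center SSO.
# All account names below are constructed sample data, not from any real system.

def audit_sso_usernames(csm_users, dc_users, intended):
    """Compare account names case-insensitively, as the SSO setup requires.

    Returns a dict with:
      ready      - intended users present on both systems
      missing    - intended users absent from CSM and/or the Defense Center
      unintended - names present on both systems but not on the intended list
      collisions - names in one export that differ only by case
    """
    def index(names):
        # Map each case-folded name to the spellings seen in the export.
        by_key = {}
        for name in names:
            by_key.setdefault(name.strip().casefold(), []).append(name.strip())
        return by_key

    csm, dc = index(csm_users), index(dc_users)
    wanted = {n.strip().casefold() for n in intended}

    ready = sorted(k for k in wanted if k in csm and k in dc)
    missing = {
        k: [side for side, idx in (("CSM", csm), ("Defense Center", dc)) if k not in idx]
        for k in sorted(wanted) if k not in csm or k not in dc
    }
    unintended = sorted(k for k in csm.keys() & dc.keys() if k not in wanted)
    collisions = {
        side: {k: v for k, v in idx.items() if len(set(v)) > 1}
        for side, idx in (("CSM", csm), ("Defense Center", dc))
    }
    return {"ready": ready, "missing": missing,
            "unintended": unintended, "collisions": collisions}


# Constructed sample exports (hypothetical account lists).
CSM_USERS = ["admin", "JSmith", "mlee", "auditor"]
DC_USERS = ["Admin", "jsmith", "Auditor", "auditor", "netops"]
INTENDED_SSO = ["jsmith", "mlee", "netops"]

if __name__ == "__main__":
    report = audit_sso_usernames(CSM_USERS, DC_USERS, INTENDED_SSO)
    for section, value in report.items():
        print(f"{section}: {value}")
```

Names listed under `unintended` are worth reviewing against each account's Defense Center user role before the shared key is entered.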
To set up single sign-on:
Access: Admin
Step 1  From CSM, generate an SSO shared encryption key.
        See your CSM documentation for more information.
Step 2  From the Defense Center, select System > Local > User Management.
        The User Management page appears.
Step 3  Select CSM Single Sign-on.
        The CSM Single Sign-on page appears.
Step 4  Enter the CSM hostname or IP address and the server Port.
Step 5  Enter the Shared key that you generated from CSM.
Step 6  Click Submit.
        The CSM certificate appears.
        Optionally, if you want to use the Defense Center’s proxy server to communicate with CSM, select the
        Use Proxy For Connection check box. For more information, see .
Step 7  Click Confirm Certificate to save the certificate.
        You can now log in from CSM to the Defense Center without an additional login.