PDF(849.6 KB) View with Adobe Reader on a variety of devices
ePub(942.8 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(810.3 KB) View on Kindle device or Kindle app on multiple devices
Updated:July 26, 2023
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how to configure the Secure Firewall Management Center (FMC) to authenticate via Single Sign-On (SSO) for management access.
Cisco recommends that you have knowledge of these topics: • Basic understanding of Single Sign-On and SAML • Understanding of the configuration on the Identity Provider (iDP)
The information in this document is based on these software versions: • Cisco Secure Firewall Management Center (FMC) version 7.2.4 • Duo as the Identity Provider
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
These iDPs are supported and are tested for authentication: • Okta • OneLogin • PingID • Azure AD • Others (Any iDP that conforms to SAML 2.0)
Note: No new license requirement. This feature works in licensed as well as evaluation mode.
Limitations and Restrictions These are known limitations and restrictions for SSO authentication for FMC access: • SSO can be configured only for the Global Domain. • FMC devices participating in HA Pair requires individual configuration. • Only Local/AD admins can configure SSO on FMC (SSO admin users are unable to configure/update SSO settings on FMC).
Configuration Steps on the Identity Provider (Duo)