Accessing and Securing your Cisco Identity Intelligence Tenant
08/2024
PreviousHow-to GuidesNextCan Identity Intelligence analyze behavior and fail checks more frequently?
Last updated
08/2024
Last updated
This article describes several critical aspects of the Cisco Identity Intelligence security solution -
Understanding tenant types
Accessing your tenant
Securing access to your tenant
The Identity Intelligence cloud platform leverages several different tenant tiers and editions, as well as geolocations, which is not unusual for SaaS solutions. From an client perspective, the different environments do not have different development cycles or characteristics.
The Production environment is refreshed with the latest build on a weekly cycle.
Social authentication platforms are not allowed for Production tenants. Only SSO from a client's IdP or IAM solution, such as Azure, Okta, Duo Security SSO, etc., is allowed. For this reason, users are not required to enroll and use MFA via the Identity Intelligence customer auth platform.
If your Cisco Identity Intelligence tenant has been , then you can access Identity Intelligence from the Launch Identity Intelligence button under the Monitoring tab.
This URL will have both the tenant name ("slug") and the SSO connection name for your tenant appended to it. It will take users directly to your SSO and into the Identity Intelligence tenant after authentication.
https://dashboard.oort.io/go?slug=tenantname
Use this as your bookmark. Users will need to select your SSO login button and then authenticate.
There are several ways to access your tenant.
Navigate to the following URLs, depending on your tenant location:
Click the Login button in the top right and then enter your tenant name. Then click Continue.
At this point, you will be presented with the available logon options, which will include your enterprise SSO method. One or more login options for Cisco Support will also be present, but are unused unless permissions is granted by the client.
Select your enterprise SSO login option and continue with the login process for it. You will be redirected to the Dashboard page when complete. Note - Cisco Identity does not provide a local username and password login option.
There are several important concepts related to securing your Identity Intelligence tenant.
Multi-factor authentication (MFA) - Cisco requires this in all tenants. It is discussed further below.
Session idle timeouts - Cisco has a default 15 min session idle timeout.
Role-based Access Controls (RBAC) - Cisco recommends RBAC be implemented in all Production tenants. Role-based access options and configuration is discussed in this article - Role-based Access (RBAC) and Tenant Access Logs.
Cisco relies solely on customer IAM platforms for customer authentication and SSO into production tenants. Cisco insists on some form of MFA for these connections, but it is the customer's responsibility to implement and enforce it via their IAM platform.
MFA enrollment with the Cisco customer authentication platform is not required for this reason.
For Duo Security customers, to create a direct URL bookmark in or another IDP or SSO platform for users to launch the Identity Intelligence console, simply right click the Launch button shown above and copy the URL to the clipboard.
If you are not a Duo Security customer with an integrated Identity Intelligence tenant, you can copy a via Tenant Settings, or simply copy a share link from one of many locations in the console, such as the Dashboard page, to use when creating a browser bookmark. This will be of the form (note the base URL is geo deployment zone specific, see below for the list):
US Production:
EU Production: Australia Production: Japan Production: United Kingdom: Canada: Singapore:
