# Accessing and Securing your Cisco Identity Intelligence Tenant

### Overview <a href="#overview" id="overview"></a>

This article describes several critical aspects of the Cisco Identity Intelligence security solution -

* Understanding tenant types
* Accessing your tenant
* Securing access to your tenant

### Tenant Types <a href="#oort-tenant-types" id="oort-tenant-types"></a>

The Identity Intelligence cloud platform leverages several different tenant tiers and editions, as well as geolocations, which is not unusual for SaaS solutions. From an client perspective, the different environments do not have different development cycles or characteristics.

#### Identity Intelligence Production Environment <a href="#oort-production-environment" id="oort-production-environment"></a>

The Production environment is refreshed with the latest build on a weekly cycle.

Social authentication platforms are not allowed for Production tenants. Only SSO from a client's IdP or IAM solution, such as Azure, Okta, Duo Security SSO, etc., is allowed. For this reason, **users are not required to enroll and use MFA via the Identity Intelligence customer auth platform**.

## Accessing your Tenant from Duo Security

If your Cisco Identity Intelligence tenant has been [provisioned from your Duo tenant](https://duo.com/docs/identity-security#provision-your-cisco-identity-intelligence-tenant), then you can access Identity Intelligence from the <mark style="color:blue;">**Launch Identity Intelligence**</mark> button under the Monitoring tab.

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FnAX3RSiWj3KfIHa2P1Ni%2FAccessing%202024-07-12_11-05-08.png?alt=media&#x26;token=1333df60-9d52-4269-8040-53e8339ca063" alt=""><figcaption></figcaption></figure>

## Creating a Bookmark or Shortcut for Direct Tenant Access <a href="#accessing-your-oort-tenant" id="accessing-your-oort-tenant"></a>

For Duo Security customers, to create a direct URL bookmark in [Duo Central](https://duo.com/docs/duo-central) or another IDP or SSO platform for users to launch the Identity Intelligence console, simply right click the Launch button shown above and copy the URL to the clipboard.

This URL will have both the tenant name ("slug") and the SSO connection name for your tenant appended to it. It will take users directly to your SSO and into the Identity Intelligence tenant after authentication.

If you are not a Duo Security customer with an integrated Identity Intelligence tenant, you can copy a [bookmark URL](https://docs.oort.io/oort-tenant-settings-overview#landing-page) via Tenant Settings, or simply copy a share link from one of many locations in the console, such as the Dashboard page, to use when creating a browser bookmark. This will be of the form (note the base URL is geo deployment zone specific, see below for the list):

`https://dashboard.oort.io/go?slug=tenantname`

Use this as your bookmark. Users will need to select your SSO login button and then authenticate.

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FTKQ0zZnh3cGY9CamWT4S%2Fimage.png?alt=media&#x26;token=48330baa-0f04-4230-bd02-a959254a7566" alt=""><figcaption></figcaption></figure>

### Accessing your Tenant Directly <a href="#accessing-your-oort-tenant" id="accessing-your-oort-tenant"></a>

There are several ways to access your tenant.

1. Navigate to the following URLs, depending on your tenant location:

   **US Production**: <https://dashboard.oort.io/>

   **EU Production:** <https://dashboard.eu.oort.io/>\
   **Australia Production:** <https://dashboard.au.oort.io/>\
   **Japan Production:** <https://dashboard.jp.oort.io/>\
   **United Kingdom:** [https://dashboard.uk.oort.io/](#overview)\
   **Canada:** <https://dashboard.ca.oort.io/>\
   **Singapore:** <https://dashboard.sg.oort.io/>\
   **India:** <https://dashboard.in.oort.io/>
2. Click the **Login** button in the top right and then enter your tenant name. Then click **Continue**.

   <figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2Fm0p8E1AaPrTV8UxFpt7g%2FScreenshot%202025-05-13%20at%206.37.21%E2%80%AFPM.png?alt=media&#x26;token=5325ae7e-1f06-4bd8-99dc-1431bcb4234b" alt="" width="500"><figcaption></figcaption></figure>
3. At this point, you will be presented with the available logon options, which will include your enterprise SSO method.\
   \
   One or more login options for Cisco Support will also be present, but are unused unless permissions is granted by the client.

   <figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FC3q0rMNXjAJGmAs7AyDg%2FAccessing%202%202024-07-12_11-05-08.png?alt=media&#x26;token=13ec3728-7c62-4d8a-8e46-dea3546018c2" alt="" width="365"><figcaption></figcaption></figure>
4. Select your enterprise SSO login option and continue with the login process for it. You will be redirected to the Dashboard page when complete. **Note** - Cisco Identity does not provide a local username and password login option.

### Securing your Identity Intelligence Tenant <a href="#securing-your-oort-tenant" id="securing-your-oort-tenant"></a>

There are several important concepts related to securing your Identity Intelligence tenant.

* **Multi-factor authentication (MFA)** - Cisco requires this in all tenants. It is discussed further below.
* **Session idle timeouts** - Cisco has a default 15 min session idle timeout.
* **Role-based Access Controls (RBAC)** - Cisco recommends RBAC be implemented in all Production tenants. Role-based access options and configuration is discussed in this article - [role-based-access-and-access-logs](https://docs.oort.io/oort-tenant-settings-overview/role-based-access-and-access-logs "mention").

#### MFA in Production Tenants <a href="#mfa-in-production-tenants" id="mfa-in-production-tenants"></a>

Cisco relies solely on customer IAM platforms for customer authentication and SSO into production tenants. Cisco insists on some form of MFA for these connections, but it is the customer's responsibility to implement and enforce it via their IAM platform.

MFA enrollment with the Cisco customer authentication platform is not required for this reason.