Login

Cisco Security Cloud Control Administration Guide

About Cisco Security Cloud Control
- Products Managed by Cisco Security Cloud Control
Platform Services for all Products
- Manage Security Devices
- Manage Objects
- Global Search
  - Initiate Full Indexing
  - Perform a Global Search
- Preview and Deploy Configuration Changes for All Devices
- Additional Configuration Assistance
- Integrate Identity Services Engine with Security Cloud Control
- Organization Notification Settings
- Firewall Manager Platform Navigator
- Set Background Theme
- Give us your Feedback
Managing Organizations
- Create an Organization
- Setting a Region for an Organization
- Organization Details
- View Organization Details
- Rename an organization
- Switch organizations
Managing Products and Subscriptions
- Overview of Subscription Process
- Single Product Instance in an Organization
- Claim a Subscription
- Activate a Product Instance
  - Activate an Inactive Product Instance
  - Activate an Externally Managed Product Instance
  - Activation Code to Activate Externally Managed Product Instance
  - Activate a Product Instance with Further Inputs
- View Product Subscription Details
- Deactivate a Product Instance
Onboard Devices to Security Cloud Control
- Secure ASA Onboarding Methods
- Secure Firewall Threat Defense Onboarding Methods
- On-Premises Firewall Management Center Onboarding Methods
- Meraki Security Appliance Onboarding Methods
- Cisco IOS Device Onboarding Methods
- Secure Firewall Chassis Manager Onboarding Methods
- AWS Virtual Private Cloud Onboarding Methods
- Cisco Umbrella Organization Onboarding Methods
Managing Role-Based Access Control
- Role-Based Access Control in an Organization
  - Managing Users
  - Managing Groups
  - Managing Roles
- Invite a User
- Import Users
- View or Find Users
- Edit a User Name
- Assign Roles to a User
- Add a User to Groups
- Assign Roles to Existing Users
- Remove Role Assignments
- Create a Custom Role
- Edit a Custom Role
- Delete a Custom Role
- Custom Role for Cisco Secure Workload
- Reset Multifactor Authentication Settings
- Reset User Password
- Disable a User Account
- Restore a User Account
- Remove a User Account
- Create a New Group
- Edit a Group Name
- Add Users to a Group
- Assign Roles to Groups
- Remove users from a group
- Delete a Group
- Manage Role Delegation
- Logging the Events
  - View the Activity Log
Managing Domains
- Overview
- Claim and verify a domain
Managing Identity Provider Group Mapping
- Identity Provider Group Map
- Map Identity Provider Group
- Edit an identity provider group mapping
- Link an External Identity Provider
- Delink an External Identity Provider
Integrating Identity Providers
- Prerequisites
- SAML Response Requirements
- Step 1: Initial setup
- Step 2: Provide Security Cloud SAML metadata to your identity provider
- Step 3: Provide SAML metadata from your IdP to Security Cloud
- Step 4: Test your SAML integration
- Step 5: Activate the integration
- Troubleshooting SAML errors
Identity Service Provider Instructions
- Integrating Auth0 with Security Cloud Sign On
- Integrating Microsoft Entra ID with Security Cloud Sign On
- Integrating Duo with Security Cloud Sign On
- Integrating Google Identity with Security Cloud Sign On
- Integrating Okta with Security Cloud Sign On
- Integrating Ping Identity with Security Cloud Sign On
Additional Documentation and Support
- Security Cloud Control Documentation
- AI Defense Documentation
- Firewall in Security Cloud Control Documentation
- Multicloud Defense Documentation
- Secure Access Documentation
- Secure Workload Documentation
- Cisco Support Access to your Organization
  - Enable Cisco Support Access
  - Disable Cisco Support Access
- Customer Support Resources

Managing Identity Provider Group Mapping Identity Provider Group Map

Last updated: Aug 28, 2025

Identity Provider Group Map

Security Cloud Control supports the import of users and groups from their identity provider. You can map an identity provider group with a group in an organization. This one-to-one mapping avoids the manual effort of creating users and assigning them to groups in Security Cloud Control. You can define group memberships and manage user identities centrally.

When you link an identity provider group to a group in your organization, note the following—

The name of an identity provider group in a group map must not be duplicated.
The name of a local group in a group map must not be duplicated.

An organization group that is mapped to an identity provider group is called a federated group. A federated group and its users are managed by the identity provider. Such a group can't be edited in Security Cloud Control.

Previous topic Managing Identity Provider Group Mapping Next topic Map Identity Provider Group