Login

Cisco Security Cloud Control Administration Guide

About Cisco Security Cloud Control
- Products Managed by Cisco Security Cloud Control
Platform Services for all Products
- Manage Security Devices
- Manage Objects
- Global Search
  - Initiate Full Indexing
  - Perform a Global Search
- Preview and Deploy Configuration Changes for All Devices
- Additional Configuration Assistance
- Integrate Identity Services Engine with Security Cloud Control
- Organization Notification Settings
- Security Cloud Control Platform Navigator
- Give us your Feedback
Managing Organizations
- Setting a Region for an Organization
- Create an Organization
- Rename an organization
- Switch organizations
- Cisco Support Access to your Organization
  - Enable Cisco Support Access
  - Disable support access
Managing Products and Subscriptions
- Overview of Subscription Process
- Single Product Instance in an Organization
- Claim a Subscription
- Activate a Product Instance
  - Activate an Inactive Product Instance
  - Activate an Externally Managed Product Instance
  - Activation Code to Activate Externally Managed Product Instance
  - Activate a Product Instance with Further Inputs
- View Product Subscription Details
- Deactivate a Product Instance
Onboard Devices to Security Cloud Control
- Secure ASA Onboarding Methods
- Secure Firewall Threat Defense Onboarding Methods
- On-Premises Firewall Management Center Onboarding Methods
- Meraki Security Appliance Onboarding Methods
- Cisco IOS Device Onboarding Methods
- Secure Firewall Chassis Manager Onboarding Methods
- AWS Virtual Private Cloud Onboarding Methods
- Cisco Umbrella Organization Onboarding Methods
Managing Role-Based Access Control
- Role-Based Access Control in an Organization
  - Managing Users
  - Managing Groups
  - Managing Roles
- Invite a User
- Import Users
- View or Find Users
- Edit a User Name
- Assign Roles to a User
- Add a User to Groups
- Assign Roles to Existing Users
- Remove Role Assignments
- Create a Custom Role
- Edit a Custom Role
- Delete a Custom Role
- Custom Role for Cisco Secure Workload
- Reset Multifactor Authentication Settings
- Reset User Password
- Disable a User Account
- Restore a User Account
- Remove a User Account
- Create a New Group
- Edit a Group Name
- Add Users to a Group
- Assign Roles to Groups
- Remove users from a group
- Delete a Group
- Manage Role Delegation
- Logging the Events
  - View the Activity Log
Managing Domains
- Overview
- Claim and verify a domain
Managing Identity Provider Group Mapping
- Identity Provider Group Map
- Map Identity Provider Group
- Edit an identity provider group mapping
- Link an External Identity Provider
- Delink an External Identity Provider
Integrating Identity Providers
- Prerequisites
- SAML Response Requirements
- Step 1: Initial setup
- Step 2: Provide Security Cloud SAML metadata to your identity provider
- Step 3: Provide SAML metadata from your IdP to Security Cloud
- Step 4: Test your SAML integration
- Step 5: Activate the integration
- Troubleshooting SAML errors
Identity Service Provider Instructions
- Integrating Auth0 with Security Cloud Sign On
- Integrating Microsoft Entra ID with Security Cloud Sign On
- Integrating Duo with Security Cloud Sign On
- Integrating Google Identity with Security Cloud Sign On
- Integrating Okta with Security Cloud Sign On
- Integrating Ping Identity with Security Cloud Sign On

Platform Secure Firewall Threat Defense Virtual

Activity Manage

Managing Identity Provider Group Mapping Map Identity Provider Group

Last updated: Jul 17, 2025

Map Identity Provider Group

You can map an identity provider group to a single group in the organization. A group that is mapped to an identity provider group is called a federated group. The following procedure describes how to map an identity provider group to a group in an organization.

Ensure that the identity provider sends the user group membership details through the SAMLIDPUserGroups or SamlADUserGroupIds attribute in the SAML assertion response. For information on the response from the identity provider, see SAML response requirements.

Before you begin

You must have claimed a domain and set up an identity provider.

Procedure

1	In the Security Cloud Control platform menu, choose Platform Services > Platform Management.
2	Choose Access Management > Administrator Access
3	In the Groups list page, click Map identity provider groups.
4	In the Confirm identity providers pane, do the following. Check the name of the identity provider. Get the list of group names from the identity provider. You can look up the identity provider using the URL that is provided on the page.
5	In the Map groups pane, click Add row to map the groups. In the Identity provider group field, enter the name of the identity provider group. Note that the names of the identity provider groups are provided to Security Cloud Control through the `SAMLIDPUserGroups` or `SAMLADUserGroupIds` attribute in the SAML assertion. From the Local group drop-down list, select the organization group to map. You can also create a new local group instantly. To create a new group, click the Add group button at the bottom of the Local group drop-down list. In the Create New Group slide-in pane, enter the name and description of the group and click Create group. The new group name appears in the Local group drop-down list. You can add more rows to map other identity provider groups.
6	In the Review changes pane, review and verify the group mapping information. To change the group mappings, click Back and make the required changes. To apply the group mappings, click Save. After you save the group mapping, the local group that was mapped appears as Federated in the Groups list page.

Previous topic Identity Provider Group Map Next topic Edit an identity provider group mapping