SaaS Security
Onboard a Cisco Duo App to SSPM
Table of Contents
Onboard a Cisco Duo App to SSPM
Connect a Cisco Duo instance to SSPM to detect posture risks.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Cisco Duo instance, you must onboard your
Cisco Duo instance to SSPM. Through the onboarding process, SSPM connects to Cisco
Duo's Admin API. After connecting to the Admin API, SSPM scans your Cisco Duo
instance for misconfigured settings and account risks. To enable SSPM to connect to
the Admin API, you will create an Admin API application in Cisco Duo. You will
configure this Admin API application to grant SSPM only the permissions it needs to
complete its scans.
The supported Cisco Duo editions for SSPM scans are the following editions:
- Duo Essentials
- Duo Advantage
- Duo Premier
To access your Cisco Duo instance, SSPM requires the following information, which you
will specify during the onboarding process.
| Item | Description |
|---|---|
| API Hostname |
A unique URL that serves as a secure entry point for all API
requests between SSPM and your Cisco Duo instance. It ensures
that SSPM is communicating directly with your Cisco Duo
account.
|
| Integration Key |
SSPM accesses the Admin API through an Admin API application that
you create in Cisco Duo. Cisco Duo generates an Integration Key
to uniquely identify this application. The Integration Key acts
as a username for SSPM to identify itself during the connection
process.
|
| Secret Key |
SSPM accesses the Admin API through an Admin API application that
you create in Cisco Duo. Cisco Duo generates a Secret Key, which
acts as a password that SSPM uses to securely authenticate to
Cisco Duo.
|
To onboard your Cisco Duo instance, you complete the following actions:
- Create the Admin API application.Creating an Admin API application establishes a secure identity for SSPM within your Cisco Duo account. This identity enables Cisco Duo to recognize SSPM and authorize its API requests. You control SSPM’s level of access by selecting specific permissions during the application setup.
- Identify the Cisco Duo account that you will use to create the Admin API application.Required Permissions: To create an Admin API application, you must use an account that is assigned to the Owner role.Open a web browser to the Cisco Duo Admin Login page, and log in to the Owner account that you identified.From the Dashboard's left navigation menu, select .On the Applications page, select + Add application.
![]()
On the Application Catalog page, locate the entry for an Admin API application and click + Add.![]()
On your application's properties page, complete the following actions:- Under Basic Configuration, specify a meaningful Application name, such as SSPM Integration. This name will appear in the list of applications on the Applications page and in Cisco Duo administrator logs. Providing a clear descriptive name will help communicate the purpose of the application to other administrators.
- Under Details,
Copy the following items and paste
them into a text file:
- Integration key
- Secret key
- API hostname
Do not continue to the next step unless you have copied the Integration key, Secret key, and API hostname. You will provide this information to SSPM during the onboarding process.![]()
- Under Permissions, select the following
permissions:
- Grant administrators - Read
- Grant read the information
- Grant applications
- Grant settings
- Grant read log
- Grant resource - Read
![]()
- Save your Admin API application
Connect SSPM to your Cisco Duo instance.In SSPM, complete the following steps to enable SSPM to connect to your Cisco Duo instance.- Log in to Strata Cloud Manager.Select and click the Cisco Duo tile.On the Posture Security tab, Add New instance.Log in with Credentials.Enter your Integration Key, Secret Key, and API Hostname.Connect.
