https://community.cisco.com/t5/network-security/cisco-cdo-to-manage-asa-when-tacacs-based-authentication-enabled/m-p/4257952#M1076616 <P>Hello,</P><P>&nbsp;</P><P>We are at very initial of planning to integration of Cisco ASA under Cisco Defense Orchestrator - CDO.</P><P>&nbsp;</P><P>I am not able to find much document or section, which explains about my question and looking forward some guidance from the experts here.&nbsp;</P><P>&nbsp;</P><P>Our Cisco ASAs are enabled with TACACS through ISE based AD Authentication, now we are planning to on-board this ASAs into CDO tool. My question, how does CDO get login to this ASAs ? do we need to create a separate AD Account and input into CDO for devices login ?</P> Mon, 14 Dec 2020 09:33:35 GMT networkmanagement3141 2020-12-14T09:33:35Z https://community.cisco.com/t5/network-security/cisco-cdo-to-manage-asa-when-tacacs-based-authentication-enabled/m-p/4257952#M1076616 <P>Hello,</P><P>&nbsp;</P><P>We are at very initial of planning to integration of Cisco ASA under Cisco Defense Orchestrator - CDO.</P><P>&nbsp;</P><P>I am not able to find much document or section, which explains about my question and looking forward some guidance from the experts here.&nbsp;</P><P>&nbsp;</P><P>Our Cisco ASAs are enabled with TACACS through ISE based AD Authentication, now we are planning to on-board this ASAs into CDO tool. My question, how does CDO get login to this ASAs ? do we need to create a separate AD Account and input into CDO for devices login ?</P> Mon, 14 Dec 2020 09:33:35 GMT https://community.cisco.com/t5/network-security/cisco-cdo-to-manage-asa-when-tacacs-based-authentication-enabled/m-p/4257952#M1076616 networkmanagement3141 2020-12-14T09:33:35Z https://community.cisco.com/t5/network-security/cisco-cdo-to-manage-asa-when-tacacs-based-authentication-enabled/m-p/4257981#M1076617 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1041589">@networkmanagement3141</a>&nbsp;</P> <P>When it comes to onboarding the ASA in CDO, it requires valid credentials. I'd create a dedicated account in AD for CDO and use these when onboarding.</P> <P>&nbsp;</P> <P>HTH</P> Mon, 14 Dec 2020 10:43:59 GMT https://community.cisco.com/t5/network-security/cisco-cdo-to-manage-asa-when-tacacs-based-authentication-enabled/m-p/4257981#M1076617 Rob Ingram 2020-12-14T10:43:59Z https://community.cisco.com/t5/network-security/cisco-cdo-to-manage-asa-when-tacacs-based-authentication-enabled/m-p/4258224#M1076634 <P>I agree with <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a> - use a service account with a non-expiring strong password. Create an SOP to change it periodically.</P> Mon, 14 Dec 2020 18:03:33 GMT https://community.cisco.com/t5/network-security/cisco-cdo-to-manage-asa-when-tacacs-based-authentication-enabled/m-p/4258224#M1076634 Marvin Rhoads 2020-12-14T18:03:33Z