Configure Routing Rules

Any information provided in this document regarding future functionalities is for informational purposes only and is subject to change including ceasing any further development of such functionality. Many of these future functionalities remain in varying stages of development and will be offered on a when-and-if available basis, and Cisco makes no commitment as to the final delivery of any of such future functionalities. Cisco will have no liability for Cisco's failure to deliver any or all future functionalities and any such failure would not in any way imply the right to return any previously purchased Cisco products.

Routing rules apply when setting up more than one IdP. Routing rules enable ThousandEyes to identify which IdP to send your users to when you have configured multiple IdPs.

Before you activate your SSO, it’s strongly recommended to configure a break glass routing rule. This ensures that a specific user or group of users can still log in to ThousandEyes using their Cisco account password if their assigned IdP becomes unavailable. This fallback authentication path reduces the risk of being locked out during IdP outages or authentication failures.

Add a New Routing Rule

  1. In ThousandEyes, navigate to Manage > Account Settings > Organization Settings.

  2. In the Single Sign-On (SSO) section, click Go to admin portal.

  3. In the Cisco Identity portal, click Settings > Manage IdPs.

When configuring your first IdP, the routing rule is automatically added and is set as the default rule. You can choose another IdP to set as the default rule later.

  1. Under the Routing Rules tab, click + Add a new routing rule.

  2. Enter the details for a routing rule:

    • Rule Name: Enter a name for the routing rule.

    • Select a routing type: Click the dropdown and select domain or group.

      If you select Domain, your domain must be verified. For more information, see Verify Your Domains.

    • If these are your domains/groups: Click the dropdown and select domains/groups within your organization.

    • Then use this identity provider: Click the dropdown and select IdP.

  3. Click Add.

  4. Click the ... icon next to your new routing rule, then click Activate.

Edit a Routing Rule

  1. In ThousandEyes, navigate to Manage > Account Settings > Organization Settings.

  2. In the Single Sign-On (SSO) section, click Go to admin portal.

  3. In the Cisco Identity portal, click Settings > Manage IdPs.

  4. Under the Routing Rules tab, click the ... icon next to the rule you want to modify and select Edit routing rule.

  5. Make the desired changes to the routing rule and click Save.

Deactivate or Delete Routing Rules

The Default rule can’t be deactivated or deleted, but you can modify the routed IdP.

  1. In ThousandEyes, navigate to Manage > Account Settings > Organization Settings.

  2. In the Single Sign-On (SSO) section, click Go to admin portal.

  3. In the Cisco Identity portal, click Settings > Manage IdPs.

  4. Under the Routing Rules tab, click the ... icon next to the rule you want to modify and select Edit routing rule.

  5. Select one of the following:

    • Deactivate: Preserve the routing rule's configuration for future use.

    • Delete: Permanently remove the selected rule from the list of routing rules.

Make sure you have at least one active routing rule for the IdP. Otherwise, you may run into problems with your SSO login.

Add a Break Glass Routing Rule (Fallback Authentication)

Before you activate your SSO, it’s recommended that you configure a break glass routing rule. This rule ensures a specific user or group of users can still log in to ThousandEyes using their Cisco account password if their assigned Identity Provider (IdP) becomes unavailable. By providing a fallback authentication path, this configuration helps maintain uninterrupted access to ThousandEyes during IdP outages or authentication failures, reducing the risk of being locked out of your account.

  1. In ThousandEyes, navigate to Manage > Account Settings > Organization Settings.

  2. In the Single Sign-On (SSO) section, click Go to admin portal.

  3. (Optional) If you don’t have a group, create a group.

    1. In the Cisco Identity portal, navigate to Groups on the left-hand panel.

    2. Click + Create a Group.

    3. Enter a name for your group.

    4. (Optional) Enter a description for your group.

    5. Add group members.

      Click the dropdown and select organization members to add to your group. You can add up to 500 group members.

    6. Click Create group.

  4. Navigate to Settings > Manage IdPs.

  5. Under the Routing Rules tab, click + Add a new routing rule.

  6. Enter a Rule Name.

  7. Click the Select a routing type dropdown and select Group.

  8. Click the If these are your groups dropdown and select your groups.

  9. Click the Then use this identity provider dropdown and select Cisco IdP.

  10. Click Add.

Next Steps

Test your SSO Setup

PreviousConfigure SSO with Cisco AccountNextVerify Your Domains

Last updated