https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5197989#M2011 <P>VA is not **required** with SSE, but it is available to provide DNS level protection with user attribution for policy application and reporting. Details here:&nbsp;<A href="https://docs.sse.cisco.com/sse-user-guide/docs/deploy-virtual-appliances" target="_blank">https://docs.sse.cisco.com/sse-user-guide/docs/deploy-virtual-appliances</A>&nbsp;Useful for agent-less deployments in IOT, servers etc. as it was with Umbrella.&nbsp;</P> Tue, 24 Sep 2024 08:38:18 GMT howe 2024-09-24T08:38:18Z https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5155936#M1985 <P>Hello,</P> <P>Let's say that I want to build a security policy where source is equal to MS AD group (users/groups will be provisioned through AD connector). My question is the following. How does firewall feature of SA know about IP-user mapping? According to what I am reading SAML is only for SWG/ZTA... Any hints?</P> Mon, 05 Aug 2024 13:13:32 GMT https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5155936#M1985 Maciej Waliszko 2024-08-05T13:13:32Z https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5156015#M1986 <P>The AD connector provides user to IP mapping for all features..</P> <P>are you seeing any issues with that&nbsp; ?</P> Mon, 05 Aug 2024 16:16:37 GMT https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5156015#M1986 ccieexpert 2024-08-05T16:16:37Z https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5156359#M1987 <P>The problem is that there are no single word in the SA documentation about its integration with Umbrella VA (nothing is also seen in the SA dashboard to do this integration). This is in contrary to Umbrella SIG docs where we can find nice info like the one below</P> <P class="p1"><A href="https://docs.umbrella.com/umbrella-user-guide/docs/identity-and-sig-deployment" target="_blank">https://docs.umbrella.com/umbrella-user-guide/docs/identity-and-sig-deployment</A></P> <P>&nbsp;</P> Tue, 06 Aug 2024 09:26:23 GMT https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5156359#M1987 Maciej Waliszko 2024-08-06T09:26:23Z https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5156577#M1988 <P>&nbsp;</P> <P>AD connector is different from VA... VA is not required with SSE.. but AD connector is required..</P> <P>Please see this:</P> <P><A href="https://docs.sse.cisco.com/sse-user-guide/docs/provision-users-and-groups-from-azure-active-directory#prerequisites" target="_blank">https://docs.sse.cisco.com/sse-user-guide/docs/provision-users-and-groups-from-azure-active-directory#prerequisites</A></P> <UL style="box-sizing: border-box; margin-bottom: 15px; margin-top: 10px !important; list-style: initial; padding-left: 2em; color: #384248; font-family: CiscoSans, helvetica, arial, sans-serif; font-size: 15px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"> <LI style="box-sizing: border-box; font-weight: 400; color: #333333; clear: both; margin-top: 0.25em;">For IP-to-user mapping deployments, you must use an on-premises Secure Access AD connector. Azure does not store the private IP to Active AD user mappings.</LI> </UL> <P>**Please rate as helpful if this was useful **</P> Tue, 06 Aug 2024 16:53:49 GMT https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5156577#M1988 ccieexpert 2024-08-06T16:53:49Z https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5197989#M2011 <P>VA is not **required** with SSE, but it is available to provide DNS level protection with user attribution for policy application and reporting. Details here:&nbsp;<A href="https://docs.sse.cisco.com/sse-user-guide/docs/deploy-virtual-appliances" target="_blank">https://docs.sse.cisco.com/sse-user-guide/docs/deploy-virtual-appliances</A>&nbsp;Useful for agent-less deployments in IOT, servers etc. as it was with Umbrella.&nbsp;</P> Tue, 24 Sep 2024 08:38:18 GMT https://community.cisco.com/t5/cloud-security/secure-access-identity-question/m-p/5197989#M2011 howe 2024-09-24T08:38:18Z