Umbrella integration with Azure AD and without VAs

Madura Malwatte
Level 4

Hi Team, my customer wants to deploy Umbrella in Azure and connect to their Azure AD without deploying VAs. Is this possible?

Reading the documentation, it seems it's not possible to use the connector into Azure AD without VAs? Is this true? https://docs.umbrella.com/deployment-umbrella/docs/connect-active-directory-to-umbrella-1

The customer is quite averse to deploying and maintaining any appliances (i.e. the VAs) and wants a strictly SaaS solution.

Accepted Solutions

Muhammad Awais Khan
Cisco Employee

Hi Madura, 

You can integrate with Azure AD directly for the provisioning of users and groups. User and group identities from Azure AD integrate with Umbrella DNS-layer security and Umbrella Secure Web Gateway (SWG) deployments. You do not need to deploy an on-premises Umbrella Active Directory Connector.

Umbrella DNS

  • Enables user identity support for the Umbrella roaming client and AnyConnect Roaming Security module.

Umbrella SWG

  • Enables user identity support for the AnyConnect SWG module.
  • Provisions user and group identities for use with end-user SAML authentication.

Note: Azure AD does not store the private IP to AD user mappings. 

So without a VA, for unmanaged endpoints (without agents), you will not get visibility of the internal IP address.

Reference: https://docs.umbrella.com/umbrella-user-guide/docs/microsoft-azure-ad-integration


2 Replies

Muhammad Awais Khan
Cisco Employee

Just to add more context.

The above scenario is applicable where you have endpoints with the Secure Client (AnyConnect) Umbrella Roaming module. In your scenario, where you don't have a VA or do not want to have a VA, Secure Client can provide identity support for the endpoints on/off the network.

https://docs.umbrella.com/deployment-umbrella/docs/identity-support-for-the-roaming-client