Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1373
Views
1
Helpful
14
Replies

Umbrella reports usernames

Go to solution
ThisIsOlivier
Level 1
Level 1

‎04-08-2024 08:05 AM

Hi,

Is there a way to get the username in the activity search of Umbrella for example when we have *not* an internal Active Directory but an Azure AD ? 

Assuming Virtual Appliances are only for Active Directory On Prem.

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Konstantinos9
Cisco Employee
Cisco Employee
In response to ThisIsOlivier

‎04-11-2024 06:15 AM

Hello ThisIsOlivier,

Unfortunately there is no support for ISE integration. Only the Secure Client can provide user information when Azure AD is integrated.

SAML can also work for browser based traffic.

Hope this helps.

Kind regards,

Konstantinos

 

View solution in original post

0 Helpful
14 Replies 14

Go to solution
Rob Ingram
VIP
VIP

‎04-08-2024 08:11 AM

@ThisIsOlivier have you setup the Umbrella integration with Azure AD as per this guide? https://docs.umbrella.com/umbrella-user-guide/docs/microsoft-azure-ad-integration

 

0 Helpful

Go to solution
ThisIsOlivier
Level 1
Level 1
In response to Rob Ingram

‎04-08-2024 10:46 PM

Not to provision identities. I want Umbrella to show usernames in reports like activity search.

0 Helpful

Go to solution
Ken Stieers
VIP
VIP

‎04-08-2024 08:15 AM

Correct, VAs are on prem and only scrape AD for login info to tie login to IP.

So here's where Umbrella feels like 2 products in one gui...
If you were using SIG, you could be sending traffic to the Umbrella cloud via IPSec tunnels, and then you'd set your users up to SAML, and you could do that against Entra...

________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.
0 Helpful

Go to solution
Pulkit Mittal
Spotlight
Spotlight

‎04-08-2024 08:31 PM

I have had this request in the past from one of my customers, what you can do is use API with Azure. The steps are listed at Provision Identities from Azure AD (umbrella.com)

However, be aware of the limitations. 

Limitations:
  • You can provision 200 groups from Azure AD to Umbrella. Umbrella supports the provisioning of up to 3000 groups. To increase your group provisioning, contact Support.
  • To ensure that all users are provisioned, create a dynamic All Users group and assign this group to the Cisco Umbrella app. For more information, see Dynamic Membership Rules for Groups in Azure Active Directory. You can assign additional groups as required for group-based Umbrella policy enforcement.

If you find this useful, please mark it helpful and accept the solution.

0 Helpful

Go to solution
ThisIsOlivier
Level 1
Level 1
In response to Pulkit Mittal

‎04-08-2024 10:49 PM

I don't want to provision identities. I want Umbrella to show usernames in reports like activity search for tracability.

0 Helpful

Go to solution
Pulkit Mittal
Spotlight
Spotlight
In response to ThisIsOlivier

‎04-08-2024 11:10 PM - edited ‎04-08-2024 11:11 PM

You will need to provision users and groups and then use them in web policies to get usernames in report. This is not straight forward, you will need to configure saml auth with azure AD and use these users & groups in identity rules. This is the link to set it up. Configure SAML Integrations (umbrella.com)

If you find this useful, please mark it helpful and accept the solution and accept the solution.

0 Helpful

Go to solution
ThisIsOlivier
Level 1
Level 1
In response to Pulkit Mittal

‎04-09-2024 06:02 AM

Hum... That was pretty clear to me with an on prem AD but with an Entra ID, it's not that clear...
Could you please detail the right method ?

0 Helpful

Go to solution
Konstantinos9
Cisco Employee
Cisco Employee

‎04-09-2024 06:22 AM

Hello ThisIsOlivier,

Assuming you have a successful Integration with Azure AD/Entra ID, the Secure Client should provide the username of AD users logged in to the devices. (Doesn't work with local users). Remember that user authentication, when Entra ID is integrated, is done only through the Secure Client with the roaming module installed. VAs and AD Connectors do not play a role in this scenario.

I would suggest that you check the following things:

1 Verify you see the AD username in the secure client > Umbrella Statistics

2 Verify the agent is active. You may need to verify the agent settings under Roaming Computers > Settings. For DNS only, the agent is always active outside the protected network, but the Roaming Computer settings might disable the agent while inside the protected network. If you have a SIG license, then the client is always redirecting traffic to Umbrella SWG and is always active inside and outside the protected network.

(Applicable for SWG only) If you're interested in getting usernames for traffic from devices that do not have an agent installed, then you will need to enable SAML authentication in the Web Policies.

To summarize you will need the agent for user authentication.

Hope this helps.

 

Kind regards,

Konstantinos

 

 

0 Helpful

Go to solution
ThisIsOlivier
Level 1
Level 1
In response to Konstantinos9

‎04-09-2024 06:46 AM

Thank you Konstantinos9.

Does it mean, with Entra ID, all users shouls be considered as roaming client to get verbose reports with usernames ? And for local ones ? Any solution ?

Thanks again.

0 Helpful

Go to solution
Konstantinos9
Cisco Employee
Cisco Employee
In response to ThisIsOlivier

‎04-09-2024 07:01 AM

Hello ThisIsOlivier,

Essentially yes, every user needs to have the secure client installed to be able to get the usernames in the report or build user/group-based DNS and Web Policies. All you have to do is ensure the the client is installed and it's always active. For devices without a client, this is where SAML authentication comes in.

Unfortunately for local users/accounts there is no support at the moment. You will need to rely on the computer name and the private IP address which is also retrieved by the Secure Client.

Hope this helps.

Kind regards,

Konstantinos

 

0 Helpful

Go to solution
ThisIsOlivier
Level 1
Level 1

‎04-09-2024 07:25 AM

Thank you Konstantinos.

We have a lot of iPad, it seems there is no Secure Client for iPad...

0 Helpful

Go to solution
Konstantinos9
Cisco Employee
Cisco Employee
In response to ThisIsOlivier

‎04-09-2024 07:40 AM

Hello ThisIsOlivier,

You can search in the App Store for the Cisco Security Connector for iPad.

Kind regards,

Konstantinos

 

Go to solution
ThisIsOlivier
Level 1
Level 1

‎04-10-2024 07:19 AM - edited ‎04-10-2024 07:26 AM

Well, as we will use Cisco ISE, it seems possible to integrate ISE to Umbrella to get usernames in the activity search of Umbrella ?

0 Helpful

Go to solution
Konstantinos9
Cisco Employee
Cisco Employee
In response to ThisIsOlivier

‎04-11-2024 06:15 AM

Hello ThisIsOlivier,

Unfortunately there is no support for ISE integration. Only the Secure Client can provide user information when Azure AD is integrated.

SAML can also work for browser based traffic.

Hope this helps.

Kind regards,

Konstantinos

 

0 Helpful
Customers Also Viewed These Support Documents