cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1532
Views
1
Helpful
14
Replies

Umbrella reports usernames

ThisIsOlivier
Level 1
Level 1

Hi,

Is there a way to get the username in the activity search of Umbrella for example when we have *not* an internal Active Directory but an Azure AD ? 

Assuming Virtual Appliances are only for Active Directory On Prem.

Thank you.

1 Accepted Solution

Accepted Solutions

Hello ThisIsOlivier,

Unfortunately there is no support for ISE integration. Only the Secure Client can provide user information when Azure AD is integrated.

SAML can also work for browser based traffic.

Hope this helps.

Kind regards,

Konstantinos

 

View solution in original post

14 Replies 14

@ThisIsOlivier have you setup the Umbrella integration with Azure AD as per this guide? https://docs.umbrella.com/umbrella-user-guide/docs/microsoft-azure-ad-integration

 

Not to provision identities. I want Umbrella to show usernames in reports like activity search.

Correct, VAs are on prem and only scrape AD for login info to tie login to IP.

So here's where Umbrella feels like 2 products in one gui...
If you were using SIG, you could be sending traffic to the Umbrella cloud via IPSec tunnels, and then you'd set your users up to SAML, and you could do that against Entra...

________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.

Pulkit Mittal
Spotlight
Spotlight

I have had this request in the past from one of my customers, what you can do is use API with Azure. The steps are listed at Provision Identities from Azure AD (umbrella.com)

However, be aware of the limitations. 

Limitations:
  • You can provision 200 groups from Azure AD to Umbrella. Umbrella supports the provisioning of up to 3000 groups. To increase your group provisioning, contact Support.
  • To ensure that all users are provisioned, create a dynamic All Users group and assign this group to the Cisco Umbrella app. For more information, see Dynamic Membership Rules for Groups in Azure Active Directory. You can assign additional groups as required for group-based Umbrella policy enforcement.

If you find this useful, please mark it helpful and accept the solution.

I don't want to provision identities. I want Umbrella to show usernames in reports like activity search for tracability.

You will need to provision users and groups and then use them in web policies to get usernames in report. This is not straight forward, you will need to configure saml auth with azure AD and use these users & groups in identity rules. This is the link to set it up. Configure SAML Integrations (umbrella.com)

If you find this useful, please mark it helpful and accept the solution and accept the solution.

Hum... That was pretty clear to me with an on prem AD but with an Entra ID, it's not that clear...
Could you please detail the right method ?

Konstantinos9
Cisco Employee
Cisco Employee

Hello ThisIsOlivier,

Assuming you have a successful Integration with Azure AD/Entra ID, the Secure Client should provide the username of AD users logged in to the devices. (Doesn't work with local users). Remember that user authentication, when Entra ID is integrated, is done only through the Secure Client with the roaming module installed. VAs and AD Connectors do not play a role in this scenario.

I would suggest that you check the following things:

1 Verify you see the AD username in the secure client > Umbrella Statistics

2 Verify the agent is active. You may need to verify the agent settings under Roaming Computers > Settings. For DNS only, the agent is always active outside the protected network, but the Roaming Computer settings might disable the agent while inside the protected network. If you have a SIG license, then the client is always redirecting traffic to Umbrella SWG and is always active inside and outside the protected network.

(Applicable for SWG only) If you're interested in getting usernames for traffic from devices that do not have an agent installed, then you will need to enable SAML authentication in the Web Policies.

To summarize you will need the agent for user authentication.

Hope this helps.

 

Kind regards,

Konstantinos

 

 

Thank you Konstantinos9.

Does it mean, with Entra ID, all users shouls be considered as roaming client to get verbose reports with usernames ? And for local ones ? Any solution ?

Thanks again.

Hello ThisIsOlivier,

Essentially yes, every user needs to have the secure client installed to be able to get the usernames in the report or build user/group-based DNS and Web Policies. All you have to do is ensure the the client is installed and it's always active. For devices without a client, this is where SAML authentication comes in.

Unfortunately for local users/accounts there is no support at the moment. You will need to rely on the computer name and the private IP address which is also retrieved by the Secure Client.

Hope this helps.

Kind regards,

Konstantinos

 

ThisIsOlivier
Level 1
Level 1

Thank you Konstantinos.

We have a lot of iPad, it seems there is no Secure Client for iPad...

Hello ThisIsOlivier,

You can search in the App Store for the Cisco Security Connector for iPad.

Kind regards,

Konstantinos

 

ThisIsOlivier
Level 1
Level 1

Well, as we will use Cisco ISE, it seems possible to integrate ISE to Umbrella to get usernames in the activity search of Umbrella ?

Hello ThisIsOlivier,

Unfortunately there is no support for ISE integration. Only the Secure Client can provide user information when Azure AD is integrated.

SAML can also work for browser based traffic.

Hope this helps.

Kind regards,

Konstantinos