cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1116
Views
0
Helpful
1
Replies

Cisco Umbrella seems to have updated SAML endpoints, can't sign in

ac513
Level 1
Level 1

For a few years we've been doing SAML authentication to Azure AD for Cisco Umbrella. Logins have worked fine through https://login.umbrella.com/sso or the Azure AD URL of https://myapps.microsoft.com/signin/[appId]?tenantId=[ourtenant]. Logged in successfully last Thursday.


Tried to login today, and https://login.umbrella.com/sso now seems to redirect to https://login.opendns.com/sso. SSO through this endpoint obviously is not working.


I hadn't gotten any alerts from Cisco that these endpoints were changing to reflect OpenDNS's domain. In fact, I just renewed our signing cert & refreshed metadata between Umbrella and Azure AD back in July... No mention of new URLs at all.


So we're now effectively locked out of our admin UI. Creating a TAC case now to see about getting back in.

Anyone else experiencing this?

EDIT: This self-resolved sometime today. (12SEP2023) Umbrella' SSO page still redirected to an OpenDNS SSO page at start of business today.. But then SSO to Azure AD began working correctly when I last tried 10 minutes while attempting to get some screenshots. Guessing this may have been premature DNS changes?

1 Reply 1

ac513
Level 1
Level 1

This self-resolved sometime today. (12SEP2023) Umbrella' SSO page still redirected to an OpenDNS SSO page at start of business today.. But then SSO to Azure AD began working correctly when I last tried 10 minutes while attempting to get some screenshots. Guessing this may have been premature DNS changes?

Also, on this subject -- Am I missing something or can we not create non-SSO user accounts for break-glass scenarios? I didn't see it long ago, and I still don't see such an option. Any user we create is under the scope of SSO, so if there's weirdness on that front like in this post, we're locked out.