09-11-2023 10:18 AM - edited 09-12-2023 09:10 AM
For a few years we've been doing SAML authentication to Azure AD for Cisco Umbrella. Logins have worked fine through https://login.umbrella.com/sso or the Azure AD URL of https://myapps.microsoft.com/signin/[appId]?tenantId=[ourtenant]. Logged in successfully last Thursday.
Tried to log in today, and https://login.umbrella.com/sso now seems to redirect to https://login.opendns.com/sso. SSO through this endpoint obviously is not working.
I hadn't gotten any alerts from Cisco that these endpoints were changing to reflect OpenDNS's domain. In fact, I just renewed our signing cert & refreshed metadata between Umbrella and Azure AD back in July... No mention of new URLs at all.
So we're now effectively locked out of our admin UI. Creating a TAC case now to see about getting back in.
Anyone else experiencing this?
EDIT: This self-resolved sometime today (12SEP2023). Umbrella's SSO page still redirected to an OpenDNS SSO page at start of business today. But then SSO to Azure AD began working correctly when I last tried 10 minutes ago while attempting to get some screenshots. Guessing this may have been premature DNS changes?
09-12-2023 09:06 AM - edited 09-12-2023 09:11 AM
This self-resolved sometime today (12SEP2023). Umbrella's SSO page still redirected to an OpenDNS SSO page at start of business today. But then SSO to Azure AD began working correctly when I last tried 10 minutes ago while attempting to get some screenshots. Guessing this may have been premature DNS changes?
Also, on this subject -- Am I missing something or can we not create non-SSO user accounts for break-glass scenarios? I didn't see it long ago, and I still don't see such an option. Any user we create is under the scope of SSO, so if there's weirdness on that front like in this post, we're locked out.