This configuration guide covers the steps to provision the OrgInfo.json file and AnyConnect via ISE (Identity Services Engine).
- Access to the Umbrella Dashboard.
- Access to the ISE Dashboard.
- Umbrella Module Profile (OrgInfo.json).
- AnyConnect Headend Deployment Package (Windows or Mac OS).
- ISE Posture Compliance Library (Windows or Mac OS).
- ISE latest patch is required to avoid CSCvz01485: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz01485
- ISE Authentication and Authorization policies.
- ISE Client Provisioning Portal and client redirection.
Before you begin
- Access your Umbrella Dashboard and download the Umbrella Module Profile (OrgInfo.json) under Deployments > Roaming Computers > Download > Download Module Profile:
- Go to the Cisco Software Download page and download the AnyConnect Headend Deployment Package according to your version and needs:
- Go to the Cisco Software Download page and download the ISE Posture Compliance Library according to your version and needs:
- Access your ISE Dashboard go to Work Centers > Posture > Client Provisioning > Resources > Add > Agent resources from local disk:
- Select Cisco Provided Package > Choose File > AnyConnect Headend Deployment Package > Submit >Confirm:
- Repeat step 1 > Select Cisco Provided Package > Choose File > ISE Posture Compliance Library > Submit > Confirm:
- Repeat step 1 > Select Customer Created Package > Select AnyConnect Profile > Add Name > Choose File > OrgInfo.json > Submit:
- Under Work Centers > Posture > Client Provisioning > Resources > Add > AnyConnect Posture Profile:
- Add Name > Add Server name rules (A list of wildcarded, comma-separated names that defines the servers that the agent can connect to. E.g. "*.cisco.com") > Submit:
- Under Work Centers > Posture > Client Provisioning > Resources > Add > AnyConnect Configuration:
- Select the AnyConnect Package (from step 2) > Add Configuration Name > Select the Compliance Package (from step 3) > Select the AnyConnect Modules (Umbrella and Diagnostic) > Select the ISE Profile (from step 6) > Select the Umbrella Profile (from step 4) > Submit:
- Under Work Centers > Posture > Client Provisioning > Client Provisioning Policy > Edit Policy > Under Results add the AnyConnect Configuration (from step 8) > Save:
- From the ISE side, proceed to create an Authorization Policy that redirects the clients to the Client Provisioning Portal. Please note that this is outside the scope of this guide.
- Once the client is able to get the redirection from the Client Provisioning Portal click "Start":
- Select "This is my first time here" and it will start downloading AnyConnect:
- Open/run the downloaded file and it will start the process:
- When "Trusted and Secure Connection" message appears click "Connect" if the ISE information is correct:
- Once the "Installation is completed" message appears click "Quit":
- You can close all other windows, you will notice that Umbrella has been installed, plus the ISE Posture module: