browse
Introduction
This article refers to the setup process of provisioning SAML bypass in the Secure Web Gateway for your Active Directory users. This is accomplished with the steps at our article for Provision Users to Umbrella Automatically Using AD Connector Based Provisioning.
This article will serve as a troubleshooting guide for adding users into your Web policies.
Introduction and links to set up guides.
The most common issue with adding AD Connector provisioned AD users for your web policies is during the initial setup. As noted in the provisioning article linked here and above, a connector restart for every AD Connector deployed to your organization is required before AD users are expected to appear in your dashboard. Issues may appear as:
- Fewer AD users appear in Web Policies than DNS policies
- This is due to AD Connector only sending a change-only directory sync. This is standard connector operation,
- To resolve, delete the domainname.data file in Program Files (x86)\OpenDNS\ for the AD Connector and restart the connector services on all AD Connectors on your organization.
- This will force a full AD Tree sync
- Wait 6 hours for the tree sync to finish
- No AD users on my web policy, users on my DNS policies.
- Perform the steps for fewer users above
- No AD users on web or DNS policies
- Ensure an AD connector is provisioned fully with the steps here.
- Contact Umbrella support if experiencing any difficulties at umbrella-support@cisco.com
- No "Default Web Policy"
- Contact support at umbrella-support@cisco.com as soon as possible