Introduction
One of the core features of the Umbrella roaming client is the ability to apply a user identity from anywhere to the DNS and Web traffic captured by the client. Currently, there are two major limitations as user identities have evolved. This article will describe each limitation and what Cisco Umbrella is doing to address them.
Windows
On Windows platforms, Umbrella currently relies on a Generated UID, or GUID, to perform user identification. This value is ubiquitous in traditional Active Directory; however, it does not exist on Azure AD (by default), Okta, or other cloud-based identity platforms. As a result, a migration is required.
The following roaming client versions fully support Azure AD and other "user name/email"-based identity platforms supported by the Umbrella cloud:
- Cisco Secure Client (formerly AnyConnect)
  - Cisco Secure Client 5.0 and above
  - AnyConnect 4.10 MR6 (and higher on 4.10)
- Umbrella Roaming Client
  - 3.0.328 and above
macOS
macOS has many options for user identity: traditional native binding (phasing out), Enterprise Connect (end of life), NoMaD (acquired and launched as JAMF Connect), JAMF Connect, and AppSSO. Cisco currently supports:
- Native Binding
- NoMaD branded implementations
- Enterprise Connect
At this time Cisco Umbrella has not yet added support for JAMF Connect (formerly NoMaD/NoMaD Login) or AppSSO (Kerberos Extension) in the roaming client.
Cisco will be releasing native MDM profile support for user identity. Any MDM can push a managed preferences profile containing a user email address to set the current user.
Supported versions:
- Cisco Secure Client (formerly AnyConnect)
  - Cisco Secure Client 5.0 and above
  - AnyConnect 4.10 MR6 (and higher on 4.10)
- Umbrella Roaming Client
  - 3.0.22 and above
This profile should be pushed to "Managed Preferences" (*/Library/Managed Preferences). This will not function without a version listed above. Contact the Umbrella support team to request a preview version for testing purposes.
com.cisco.umbrella.client.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>UPN</key>
    <string>user@domain.com</string>
</dict>
</plist>
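A pre-deployment check for the profile above, as an added example that is not Cisco's code: it builds the payload with Python's plistlib and reports payloads where the UPN key is missing, still holds the template value, or is not shaped like user@domain. The shape rule, the placeholder list and the function names are assumptions of this example; only the UPN key name comes from the profile shown.

```python
import plistlib
import re

# Key name taken from the profile shown above. The placeholder list and the
# address-shape rule are assumptions of this example, not Cisco's validation.
UPN_KEY = "UPN"
PLACEHOLDERS = {"user@domain.com"}
UPN_SHAPE = re.compile(r"^[^@\s$]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def build_profile(upn: str) -> bytes:
    """Serialize the managed-preferences payload for one user as an XML plist."""
    return plistlib.dumps({UPN_KEY: upn}, fmt=plistlib.FMT_XML)


def check_profile(raw: bytes) -> list[str]:
    """Return the problems found in a plist payload (empty list means OK)."""
    try:
        data = plistlib.loads(raw)
    except Exception as exc:  # malformed XML, or not a plist at all
        return [f"not a valid plist: {exc}"]
    if not isinstance(data, dict):
        return ["top-level object is not a dict"]
    upn = data.get(UPN_KEY)  # plist keys are case-sensitive
    if not isinstance(upn, str):
        return ["UPN key missing or not a string"]
    if upn.strip().lower() in PLACEHOLDERS:
        # Shipping the template value would give every device the same identity.
        return ["UPN is still the template placeholder"]
    if not UPN_SHAPE.match(upn):
        # Also catches an MDM variable that was pushed without being expanded.
        return [f"UPN is not a user@domain address: {upn!r}"]
    return []


if __name__ == "__main__":
    # Constructed sample payloads, not captured from a real deployment.
    samples = {
        "real user": build_profile("alice@example.com"),
        "template left as-is": build_profile("user@domain.com"),
        "unexpanded variable": build_profile("$EMAIL"),
        "wrong key case": plistlib.dumps({"upn": "alice@example.com"}),
        "truncated file": b"<plist><dict>",
    }
    for name, raw in samples.items():
        print(f"{name}: {check_profile(raw) or 'OK'}")
```
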
Example configuration (JAMF)
Below is an example of distribution with JAMF. Configuration may differ based on your MDM provider.