The Umbrella for MSPs console includes the following components that you use to manage customers:
The MSP console also includes enhanced search capabilities that allow you to search for customers and select the orgs that you manage. The search box includes a type-ahead feature that automatically suggests results based on the letter typed.
When you click a name, you're taken to that organization's Umbrella dashboard, which opens in a new tab.
Centralized Reports give you a single-pane-of-glass view of your entire customer base. You can quickly assess the health of your deployment, view security activity volumes, and identify any issues that require your immediate attention. These top level reports enable you to assess and prioritize customers, allowing you to drill down to those that require your immediate attention, whether that means changing policies, remediating infected workstations, changing networks, or redeploying software. These reports are designed to give you a sense of the overall protection level and deployment status for all of your customers.
The available centralized reports are:
- Overview—Gives you a quick snapshot of two key features for all your customers: Activity Volume, and Deployment and Health Status.
- Deployment Status—Gives you an overview of the total number of networks, Umbrella roaming clients, and VAs for your customer base.
- Security Summary—Gives you an overview of traffic and security events for all of your customers.
- Cloud Services—This report shows you the use of cloud-based SaaS services across your customer base by matching their DNS traffic to the Umbrella list of known cloud services. This helps you deal with possible shadow IT, the introduction of security threats through the use of non-approved tools and possibly even the opportunity to sell a solution to meet the needs of users of this cloud service.
At the top of the Overview, Deployment Status and Security Summary reports you'll find the Notifications area. Any notifications from Umbrella, including new feature announcements or information about scheduled maintenance, appear here. The current status of your PSA Integration is also found here as well as the number of available seats you have remaining.
- Navigate to one of Centralized Reports > Overview, Deployment Status, or Security Summary.
- Click the Expand icon.
Centralized Settings are policy settings shared among customers. This is where you configure how Umbrella is going to protect your customers. You configure settings here in the MSP console and then share these settings with your customers through the Umbrella dashboard. When shared, these settings are applied to your customer's policies—default policy or all policies depending on how you set things up. These settings include Destination Lists, Block Pages, Content Settings, Security Settings, Custom Integrations, and Advanced Settings. To learn more about these settings and how to configure and share them, see Centralized Settings.
Customer Management allows you to add new customers, review which Centralized Settings and Umbrella policies are applied to your customers, and make changes as required. The top of the page provides you with seat counts: the number you've purchased, how many you've used, and how many are available. You are also given a total customer count.
Clicking a customer's name takes you to that customer's instance of the Umbrella dashboard.
Expand a customer listing to view configuration information forth the customer.
You can limit the number of customers you view to only those you want to see by typing in the Search for Customers box.
From the top of the page, click the Download CSV icon to export commonly required information about your customers to a .CSV formatted file. This information includes the fingerprint and orgID, as well as the commands you'll need to install the Umbrella roaming client.
- Navigate to Customer Management and click the + (Add) icon.
- Begin by filling in the name of the customer and adding the number of seats to assign to this customer. A PSA ID may be required—and only appears—if a PSA such as AutoTask or Connectwise is available to manage this customer.
- Click Save to confirm your changes and the new customer appears.
To open the Umbrella dashboard for the customer, click the customer name and the customer's dashboard opens in a new browser tab.
- Click the Expand icon on the right-hand side to view configuration information about the customer. Do not click the name of the customer. Clicking the customer name takes you to their Umbrella dashboard.
Once expanded, in addition to basic information about the customer, you can view applied Umbrella policies, change which Centralized Settings are applied to the customer, and access deployment parameters for the Umbrella roaming client.
- Update the customer's name and seat count as necessary.
- Update Centralized Settings as necessary.
The Centralized Settings area displays settings as configured through the Centralized Settings component. If you make changes here, they are reflected on the Centralized Settings > Security Settings page. To learn more about these settings, see Centralized Settings.
One key Centralized Setting is destination lists. At first, only two destination lists are applied—the Global Block List and the Global Allow List. However, any destination list marked as Default is also applied.
- Click Add/Remove.
A modal window appears with a list of all the available destination lists and those that are currently in use.
- Check or clear the relevant Available Destination List checkboxes.
The selected destination lists appear or are removed on the right-hand side of the window.
- Click Apply and then Save to confirm the update.
Below Centralized Settings is the Deployment Parameters area, which provides you with the information you need to deploy the Umbrella roaming client. The values for Org ID, Fingerprint, and User ID are the ones you'll pass to the installer when deploying the Umbrella roaming client en masse. Instructions for common RMMs, including scripts, are linked as a resource.
- Click Delete This Customer in the lower right-hand corner.
Under MSP Settings, an administrator has access to the following:
- Admins—Allows you to add a new staff administrator to the MSP console. An administrator created in the MSP console has full admin level control to all customer Umbrella dashboards. If you would like to limit the new user to a single Umbrella dashboard, we recommend that you access that Umbrella dashboard and create a new login that is limited to just that Umbrella dashboard. This might be used if a customer wants access to their reporting data. You can also enable two-step verification for your administrative accounts.
- Audit Log—Records changes made by administrators to MSP console settings. This log works in the same fashion as the Admin Audit Log on an individual Umbrella dashboard, but is specific to the MSP console. An admin sees entries related to events generated within the MSP console. A typical action recorded would be the additional or deletion of a customer or seats assigned to a customer.
- Contacts—Allows you to update your billing and support contact information. You can only have one billing contact and one support contact. For support, if customers that have access to their organization's Umbrella dashboard submit a ticket, the email for the ticket goes to this contact. Umbrella dashboard customers do not have access to Cisco support. The initial billing and support contacts are created when your account is first provisioned by Cisco. Once provisioned, you can change this information at any time.
Note: MSPs provide first level support to their customers; however, the MSP can contact Cisco support for assistance. Email firstname.lastname@example.org or click the Support link in the MSP console.
- Dashboard Co-branding—Allows you to add a graphic—such as a company logo—to the Umbrella dashboard and MSP console. You can also create a co-branded login page.
- Platform API Keys—For all existing Platform API Keys, we recommend creating new keys in the API Keys page, updating existing uses with the new key, and deleting the old Platform API key, as this page will be removed in the future.
- API Keys—Allows you to create an API key that is used for authentication to the Console Reporting API. For more information, see About the API for the Umbrella Console.
- PSA Integration Details—Allows you to integrate a PSA with Umbrella for ticket creation and usage data. There are two PSAs currently supported: Connectwise and AutoTask. For more information on ConnectWise PSA Integration, please read this article. For more information about AutoTask PSA Integration, see Autotask and Umbrella Integration.
Within the MSP Settings > Admins section of Umbrella for MSPs, Delegated Admin for the MSP is a feature that allows the Umbrella for MSPs administrator to assign one of five roles to other people within the MSP’s organization. These roles can give the assignee the ability to manage customers, but be denied total access to Umbrella for MSPs, or be given permission to provision new software, but be denied the right to make changes, or be given permissions to update centralized settings, but be restricted from other configurations.
It’s also possible to create a “Read Only” user for Umbrella for MSPs who has full administrative access to one or more of your customer’s Umbrella dashboards. In that way, responsibility for handling individual customers can be passed to an MSP user that otherwise has limited access to the MSP console.
Selecting a role for the new user account
To create a new user account with one of the delegated administrative roles:
- Navigate to MSP Settings > Admins and either add a new account or select an existing account.
- In the “Choose Delegated Admin Role” drop-down list choose an Admin Role.
- Full Admin—This role has full administrative rights over all aspects of Umbrella for MSPs and all customer Umbrella dashboards.
- Support Engineer—This role is read-only for centralized settings, customer management (adding and removing customers) and all other Umbrella for MSP administrative rights. However, this role has full administrative control over all customer Umbrella dashboards.
- Provisioning Admin—This role is read-only for centralized settings but has full administrative rights to add, remove and manage customers, including administrative rights over all customer Umbrella dashboards.
- Limited Admin—This role has full administrative rights over centralized settings and all customer Umbrella dashboards but is limited to read-only for customer management, including adding and removing customers.
- Global Read Only—This role is read-only for all aspects of Umbrella for MSPs and all customer Umbrella dashboards.
Creating a Global Read Only with Admin on a Sub-organization
To create a user that’s a Read Only Admin, but with more privileges on a given customer sub-organization, first create the user account as a Global Read Only.
- Navigate to Customer Management.
- Click the customer name.
- In the customer’s Umbrella sub-organization, navigate to Settings > Accounts.
- Click the Invite an Existing Account icon.
- Enter the email address of the user, and in the Choose Delegated Admin Role drop-down list choose a role.
- Click Invite.
This means they’ll be read-only in the Umbrella for MSPs console and all other customer orgs, but have full administrative rights over this specific customer org.
Limitations of Delegated Admin
- The Read Only role is not restricted to being able to view only certain parts of the Umbrella for MSPs console, such as only some individual customers but not others.
- It is not possible to be an administrator of Umbrella for MSPs and also not allow that user to have administrative access to individual customer Umbrella dashboards.