Guides
ProductDeveloperPartnerPersonal
Guides

Active Directory Policy Enforcement and Identities

Configure User identities for policy enforcement so that the Cisco Secure Roaming Client module can apply user identities to DNS and web traffic.

Table of Contents

Procedure

  1. Deploy the AD Connector as described in the Active Directory Setup Guide.
  2. In the Umbrella dashboard, navigate to Deployments > Core Identities > Users and Groups and click View Users & Groups to confirm that the groups and users are added.
1450
  1. To provision users and groups from Active Directory, see [Connect Active Directory to Umbrella to Provision Users and Groups](doc: 5-connect-active-directory-to-umbrella).
  2. Navigate to Deployments > Core Identities > Roaming Computers and click Settings.
1451
  1. Under the General Settings tab, enable Active Directory. (This is enabled by default for all new accounts).

macOS User Identity

macOS has many options to do user identity, from traditional native binding (phasing out), Enterprise Connect (end of life), NoMaD (acquired and launched as JAMF Connect), JAMF Connect, and AppSSO. Cisco currently supports:

  • Native Binding
  • NoMaD branded implementations
  • Enterprise Connect
  • MDM User Identity Injection

At this time Cisco Umbrella does not support JAMF Connect or AppSSO (Kerberos Extension) in the roaming client.  Cisco provides native MDM profile support for user identity injection. Any MDM can push a managed preferences profile containing a user email address to set the current user by MDM. 

Support versions:

  • Cisco Secure Roaming Client module (formerly AnyConnect)
    • Cisco Secure Client 5.0 and above
    • AnyConnect 4.10 MR6 (and higher on 4.10)
  • Umbrella Roaming Client
    • Next 3.0.22 and above

This profile should be pushed to Managed Preferences (*/Library/Managed Preferences). This will not function without the version listed above.

com.cisco.umbrella.client.plist

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0"> 
<dict> 
<key>UPN</key> 
<string>[email protected]</string> 
</dict> 
</plist> 


Interpret Diagnostics < Active Directory Policy Enforcement and Identities > Virtual Appliances