For Meraki administrators, once you have deployed the Cisco Security Connector (CSC), use the Meraki dashboard to deploy the app to devices using the instructions in the Meraki document Using Apple’s Volume Purchase Program (VPP) with Systems Manager. When your endpoints have registered with Umbrella, they will appear in the dashboard. For support, contact Meraki support.
- Verify Push of Profile Config
- Anonymize Your Device
- Verify Umbrella on Your iOS Device
- Install Umbrella Root Certificate
- The Cisco Security Connector requirements.
- You must have a Meraki API key. For more information about acquiring a Meraki API key, see the Cisco Meraki Dashboard API.
- The Cisco Security Connector app is installed on your iOS device (typically through MDM).
- Configure Meraki as required so that it can push configuration information to both CSC and Umbrella. For information about configuring Meraki, see Meraki documentation.
- If deploying to a supervised device, to ensure that the names in Umbrella match the Meraki portal name, enable device name updates under Restrictions > iOS Restrictions (Supervised) > Allow modification of device name (Enable) > Keep device name up-to-date with Dashboard (Enable).
Meraki's Hide App Feature Incompatibility
The Cisco Security Connector is not compatible with Meraki's hide app feature.
Note: You must log into your Umbrella dashboard as an administrator.
- In Umbrella, navigate to Deployments > Core Identities > Mobile Devices and click Manage MDMs.
- In the Managed Mobile Clients modal, click iOS.
- Click Link MDM.
- Add your Meraki MDM API Key, optionally add an email address, and click Link.
This email address is where diagnostic reports are sent when a user clicks the I icon from within the iOS device. Once set, this email address is automatically added when managing an MDM.
Note: You acquire a Meraki MDM API key from the Meraki dashboard. For more information, see the Cisco Meraki Dashboard API.
- In the Provision Umbrella on Mobile Devices via MDM modal, select your MDM Profiles.
Note: While you can deploy more than one profile to an iOS device, if you try to deploy more than one profile with Umbrella applied, an error will occur and the second profile will not be applied. You can safely deploy a second profile with only Umbrella applied to a device that has an existing profile that only has Clarity applied.
- Check Provision Umbrella root certificate.
The root certificate is required to perform SSL decryption for the intelligent proxy and also helps avoid error messages when visiting blocked pages.
- Click Save.
If successful, your mobile device registers with Umbrella and is listed at Deployments > Core Identities > Mobile Devices. CSC on your mobile device updates to connect to Umbrella so that your iOS device is protected by Umbrella.
Once you have provisioned Umbrella, verify the push of the Umbrella Profile Config on your Meraki dashboard.
- In Meraki, navigate to Systems Manager > Settings.
You'll see an Umbrella DNS Proxy profile with configuration settings populated from Umbrella.
Umbrella provides you with the option of anonymizing mobile devices for reporting and administration purposes. When you anonymize a mobile device, its label is hidden and replaced by your device's serial number. The label name is anonymized in both the Umbrella dashboard and in the CSC app UI. For information about how to anonymize your device, see Anonymize Devices.
- In Meraki, navigate to Systems Manager > Settings and then select your profile.
- Under Value for anonymizationLevel, type 1.
Note: If anonymizationLevel is not listed, click Add Setting and add a Key with the value anonymizationLevel and Number with the value of 1.
A value of 0 turns anonymization off.
- Click Save.
Meraki pushes settings to Umbrella, and Umbrella hides the device's true label name by replacing it with the device's serial number. Existing active devices anonymize with 24 hours. New devices anonymize immediately.
On your iOS device, verify that Umbrella is operational.
- In the CSC app, click the Status icon and confirm that it shows Protected by Umbrella.
- For protection details, tap Protected by Umbrella.
The intelligent proxy can inspect web traffic sent from a mobile device to Umbrella. If you enable the intelligent proxy with SSL decryption in your DNS policy and apply the policy to your mobile device, you must install the Umbrella Root Certificate Authority (CA) certificate on the mobile device. Download the Umbrella Root CA certificate from the DNS policy or from Deployments > Configuration > Root Certificate.
- For information about configuring the intelligent proxy in the DNS policy, see Enable the Intelligent Proxy.
- For information about how to install the Umbrella Root CA certificate on iOS devices, see Push the Umbrella Certificate to Devices.
Updated 2 days ago