Cisco Meraki MDM

Suggest Edits

For Meraki administrators, once you have deployed the Cisco Secure Client, use the Meraki dashboard to deploy the app to devices. After the endpoints register with Umbrella, Umbrella lists the devices in the dashboard. For information about how to configure and enroll an Android device, see Meraki documentation.

Prerequisites
Add App to Cisco Meraki
Add Configuration for App
Push the App to Devices
Push the Umbrella Certificate
Manage Pop-Ups and App Controls

Prerequisites

An Android Enterprise compatible device deployment. The legacy Device Admin (DA) system is not supported at this time.
Android mobile devices running Android OS version 6.0.1 and above. Devices examples are Samsung, Google, and Motorola. FireOS devices and other Android forks are not supported.
An MDM for deploying the software; in this case, Meraki.
Access to an Umbrella subscription including mobile device coverage.
A network meeting access requirements.
- Access over UDP 53 and UDP 443 to 208.67.222.222 from the device.
For on-network scenarios, Trusted Network Detection (TND) may also be used to disable the client on network and pass traffic to a Virtual Appliance. The following prerequisites apply:
- All VAs in use are defined by FQDN (IPs entered will not allow the client to go into trusted network mode) in the umbrella_va_fqdns configuration property.
  - The format for this field is comma separated, for example, (va1.domain.com, va2.domain.com)
- VAs must be registered to the same Umbrella organization as the Android devices.
- HTTPS mode for user events enabled on the Virtual Appliance.
  - If the VA’s FQDN is not publicly signed, the self-signed root certificate for the VA domain used for HTTPS mode on the VA must also be pushed to the Android device to sign the connection.
  - VA certificates should contain Subject Alternate Name (SAN) matching the VA’s configured domain to successfully communicate with the VA over HTTPS mode.
  - For more information on how to configure HTTPS mode on the VA, see Umbrella Virtual Appliance: Receiving User-IP mappings Over a Secure Channel.

Add App to Cisco Meraki

This process needs to be done only once.

In Meraki, navigate to System Manager > Apps > Add Apps > Add New Android App.

Search for AnyConnect or for the bundle id com.cisco.anyconnect.vpn.android.avf.

Select the app and approve the permissions, then click Approve. If the app has been previously approved, simply re-approve it.

Add Configuration for App

Navigate to System Manager > Settings and click Add Profile.
Select Device Profile (default) from the pop-up, then click Continue.

Name the profile.

Click Add Settings.
Select the Android device type, then search for Managed App Config.

Choose Android from the Platform menu, then choose AnyConnect from the App menu.
Click +.

Choose umbrella_org_id from the menu, and enter your org ID value. (Refer to the orgId property in the mobileconfigAndroid.json file.)
Click +. Choose umbrella_reg_token from the menu and enter the value. (Refer to the regToken property in the mobileconfigAndroid.json file.)
Click +. Choose umbrella_va_fqdns from the menu and enter the value. For example, va1.yourdomain.com.

Click Add Settings, then search for Certificate. Click to select the result.
Name the certificate, then click Choose File.

In the popup window, select the Umbrella root CA file you downloaded from the Umbrella dashboard. For example, https://dashboard.umbrella.com/o/<*YOUR-ORG-ID*>/#/deployments/configuration/rootcertificate.
Click Save.
Upload the CA certificate, then click Save.
Navigate to Profile Configuration and deploy the configuration to one or more Android devices.
Click Save.