Configure Authentication for AD Connectors and VAs
Cisco Umbrella communicates with your deployed Cisco Active Directory (AD) Connectors and Umbrella Virtual Appliances (VAs).
Umbrella makes software syncs and health checks to your AD Connectors and Umbrella Virtual Appliances (VAs) periodically. To manage the authentication of the communications from the AD Connector or VAs to Umbrella, we recommend that you configure API key credentials for your AD Connector and VA deployments.
Your API key credentials apply to all AD Connectors and Umbrella Virtual Appliances deployed in your environment.
Note: The API key authentication is available for Umbrella Virtual Appliance version 3.7.0 and newer and the Cisco AD Connector version 1.14.4 or newer.
For more information about authentication and deploying Virtual Appliances, see Configure Authentication for Virtual Appliances.
How to Set Up Your API Credentials
First, create an Umbrella Key Admin API key and secret. Then, use your Key Admin API key credentials to generate your Umbrella client API key credentials. Your Umbrella client API key and secret are stored in the Virtual Appliances and Active Directory (AD) Connectors deployed in the organization. Umbrella client API key credentials are valid for 90 days.
Virtual Appliances and AD Connectors use your Umbrella client API key credentials to generate an OAuth 2.0 access token, which authorizes API requests from the Virtual Appliances and AD Connectors to Umbrella.
Table of Contents
Prerequisites
- Full Admin role in Umbrella. For more information, see Manage Accounts.
- Cisco AD Connector version 1.14.4 or newer.
- Umbrella Virtual Appliance version 3.7.0 or newer.
Procedure
Create an Umbrella Key Admin API key and secret. Use the Umbrella Key Admin API credentials to generate your Umbrella API client key credentials. The Umbrella API client key and secret are stored in the Virtual Appliances and AD Connectors that you deploy in your environments. The generated API credentials (key and secret) apply to all Virtual Appliances and AD Connectors in the organization.
Step 1 – Create the Key Admin API Key Credentials
-
Create an Umbrella Key Admin API key. For more information, see Add Key Admin API Key.
Select all of the permissions for the key.
Note: Save the Umbrella Key Admin API key and secret and use these credentials to configure the authentication for the Virtual Appliances and AD Connectors in the organization.
Step 2 – Add the Key Admin API Key Credentials to Sites and Active Directory
Add the Umbrella Key Admin API key and secret to the Sites (Virtual Appliances) and AD Connectors configuration in Umbrella.
-
Navigate to Deployments > Configuration > Sites and Active Directory.
-
Click Settings and then select Manage Credentials.
-
Add the Key Admin API key and secret. For more information, see Step 1 – Create the Key Admin API Key Credentials.
- Copy and save the Umbrella API client key and secret to your local environment.
Refresh API Key Credentials
Refresh your Umbrella client API key and secret.
-
Navigate to Deployments > Configuration > Sites and Active Directory.
-
Click Settings and then select Manage Credentials.
-
Click Refresh, and then click Save.
The Umbrella API client key and secret are removed.
Note: After you refresh your Umbrella API key credentials, create a new Umbrella API key and secret. For more information, see Step 1 – Create the Key Admin API Key Credentials.
Delete API Keys
Delete your Umbrella Key Admin API key and Umbrella client API key. Unless you have unusual circumstances, we do not recommend that you delete your Umbrella API key credentials.
Important
After you delete the Umbrella Key Admin API key and Umbrella client API key, existing AD Connector deployments continue to sync with Umbrella and authenticate with your Umbrella API client credentials for up to 90 days.
-
Navigate to Deployments > Configuration > Sites and Active Directory.
-
Click Settings and then select Manage Credentials.
-
Click Delete to open the confirmation window.
-
Check the box to confirm the deletion of the Umbrella Key Admin API key and the Umbrella client API key.
-
Click Delete to remove both API keys.
Note: After you remove your API keys, you can create a new API key credentials. For more information, see Step 1 – Create the Key Admin API Key Credentials.
Prerequisites for AD Connectors < Configure Authentication for AD Connectors and VAs > Configure Updates on AD Connector
Updated about 2 months ago