Configure the OrgInfo.json File

The OrgInfo.json file contains specific information about your Cisco Umbrella service subscription that lets the Roaming Security module know where to report and which policies to enforce. You can deploy the OrgInfo.json file and enable the Umbrella Roaming Security module from the ASA or ISE using CLI or GUI. The steps below describe how to enable from the ASA first and then how to enable from ISE.

Manual or Device Management (Most Common)

Use this deployment type while deploying directly without a Cisco VPN profile.

  1. Download a copy of the configuration profile from the Umbrella Dashboard (see Quick Start Guide).
  2. Depending on your system, store the file in the following locations:

If running AnyConnect:

  • Windows: %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella
  • Mac: /opt/cisco/anyconnect/Umbrella/

If running Cisco Secure Client:

  • Windows: %ProgramData%\Cisco\Cisco Secure Client\Umbrella
  • Mac: /opt/cisco/secureclient/Umbrella/

If deploying after installing AnyConnect, the folder structure will already be in place. If deploying the OrgInfo.json before installing AnyConnect, you will need to create the folder before placing the file.

The client activates the Umbrella module once installed and OrgInfo.json is present in the Umbrella directory.


  1. Upload the OrgInfo.json that you obtained from the Umbrella​ dashboard to the ASA file system.
  2. Issue the following commands, adjusting the group-policy name as appropriate for your configuration.

Note: The file name on the ASA is case sensitive. If you upload a file named OrgInfo.json, you must maintain the case of the filename.

In the following example, you can configure the default group policy by setting <Group_Policy_Name> to DfltGrpPolicy.

	anyconnect profiles orginfo disk0:/OrgInfo.json

group-policy <Group_Policy_Name> attribute
		anyconnect profiles value orginfo type umbrella

group-policy <Group_Policy_Name> attributes
		anyconnect modules value umbrella


Note: ASDM 7.6.2 is required to configure the Roaming Security module through the GUI.

  1. Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile.
  2. Choose Add.
  3. Give the profile a name.
  4. Choose the Umbrella Security Roaming Client type from the Profile Usage drop-down list. The OrgInfo.json file populates in the Profile Location field.
  5. Click Upload and browse to the location of the OrgInfo.json file that you downloaded from the dashboard.
  6. Associate it with the DfltGrpPolicy at the Group Policy drop-down list or the policy of your choice. For information about how to specify the new module name in the group-policy,
    see Enable Additional AnyConnect Modules.


Get the Roaming Security Module up and Running < Configure the OrgInfo.json File > Enable the AnyConnect SWG Agent