An Umbrella identity represents a network entity, user, or group. You can add an identity to an Umbrella policy and enable security settings, and destination and content access controls. For information about Umbrella policies, see Umbrella Policies Overview.
Umbrella can identify a user, group, or network entity by:
- Public IP address
- Internal IP address and hostname
- Network device information
- IPsec (Internet Protocol Security) tunnel authentication: IKEv2 (Internet Key Exchange, version 2)
- Security Assertion Markup Language (SAML)
- Active Directory users and groups
- Google Workspace identity
The following table describes the Umbrella deployment and identity types.
Deployment | Identity | Description |
|---|
PAC file | | - Web policy only.
- Network identity required.
- Security Assertion Markup Language (SAML) authentication provides identity of browser traffic.
- Integrate SAML with Active Directory (AD) groups and users.
- For more information, see Manage Umbrella's PAC File.
|
Proxy chaining | | - Web policy only.
- Security Assertion Markup Language (SAML) authentication provides individual user and group-based identities for policy enforcement.
- Internal IP provided by proxy X-Forwarded-For (XFF) to HTTP headers.
- For more information, see Manage Proxy Chaining.
|
IPsec tunnel | - Network Tunnels
- Users and Groups
| - DLP, Firewall, and Web policies.
- Security Assertion Markup Language (SAML) authentication provides individual user and group-based identities for policy enforcement.
- Enable Active Directory (AD) and provision groups and users to map internal IP address.
- Network device integrations. For more information, see Network Tunnel Configuration.
|
AnyConnect Roaming Security Module (macOS, Windows) | - Networks
- Roaming Computers
- Users and Groups
| - DNS and Web policies. You can enable the intelligent proxy through the DNS policy. If you add a Web policy rule, we recommend that you disable the intelligent proxy.
- Enable Active Directory (AD) and provision groups and users to map internal IP address and hostname of the entity to the Roaming Computer identity.
- For more information, see Umbrella Roaming Security Module for AnyConnect.
|
Umbrella Roaming Client (macOS, Windows) | - Networks
- Roaming Computers
- Users and Groups
| - DNS policy only. You can enable the intelligent proxy through the DNS policy.
- Enable Active Directory (AD) and provision groups and users to apply policy to AD users and groups.
- For more information, see Roaming Client User Guide.
|
Umbrella mobile client app (iOS, Android) | | |
Network device | | - DNS policy only.
- You can enable an internal IP address that reports on select devices.
- For more information, see Hardware Deployments.
|
Network | - Networks
- Internal Networks
| - DNS policy only. You can enable the intelligent proxy through the DNS policy.
- Egress public IP address identity.
- For Web policy: Internal Networks (All Tunnels). When adding an internal network, select Network Tunnel. For more information, see Manage Internal Networks.
- For more information, see Add a Network Identity.
|
Umbrella Chromebook client | - Networks
- Chromebook Users
- Google Workspace Users and Organization Units
| - You can enable the intelligent proxy through the policy.
- Enable Google Workspace integration for Google Workspace user and Organization Unit.
- For more information, see Chromebook Client User Guide.
|
Virtual Appliance | - Networks
- Sites
- Internal Networks
- Users and Groups
| - DNS policy only. You can enable the intelligent proxy through the DNS policy.
- Enable Active Directory (AD) and provision groups and users to map the internal IP address and hostname of the entity to the Roaming Computer identity.
- For more information, see Virtual Appliance User Guide.
|
Delete a Network Identity < Identity and SIG Deployment > Add a Network Device
