Jump to Content
Umbrella SIG User Guide
Guides
ProductDeveloperPartnerPersonalUmbrella SIG User Guide
Guides
ProductDeveloperPartnerPersonal
Manage Authentication

Cisco Umbrella SIG User Guide

  • Welcome to Cisco Umbrella
    • Start Protecting Your Systems
    • Find Your Organization ID
    • Determine Your Current Package
    • Umbrella Policies Overview
    • SWG Data Centers
    • Reserved IP
    • Reserved IP Supplemental Terms
    • Reserved IP Supplemental Terms - Archived
    • View Cloud Security Service Status
    • Contact Umbrella Support
    • Password Policy FAQs
  • Get Started
    • Set Up DNS-Layer Security
    • Point Your DNS to Cisco Umbrella
    • Set Up Web Security
    • Configure the Secure Web Gateway
    • Uninstalling Umbrella
  • Umbrella Integration with Secure Web Appliance
    • Hybrid Policy
    • Hybrid Reporting
    • Configure Web Policies and Destination Lists
    • Policy Features
  • Limitations and Range Limits
    • Data Retention
    • Average Bandwidth
  • Manage Identities
    • Add a Network Identity
    • Delete a Network Identity
    • Identity and SIG Deployment
    • Add a Network Device
    • Delete a Network Device
    • Find the Total Number of Identities in Your Organization
  • Manage Domains
    • Add Internal Domains
    • Add External Domains and IPs
    • Bulk Upload External Domains and IPs
    • Wildcards and Domain Management
  • Manage DNS Policies
    • Add a DNS Policy
    • Test a DNS Policy
    • DNS Policy Settings
    • DNS Policy Precedence
    • Best Practices for DNS Policies
    • Enable SafeSearch for DNS Policies
    • Group Roaming Computers with Tags
  • Manage the Web Policy
    • Add a Ruleset to the Web Policy
    • Add Rules to a Ruleset
    • Test the Web Policy
    • Web Policy Precedence
    • Best Practices for the Web Policy and Rulesets
    • Manage Global Settings
    • Confirm SafeSearch for a Web Policy Ruleset
    • Understand Isolated Destinations
    • Monitor Bandwidth Usage in the App Discovery Report
  • Manage the Data Loss Prevention Policy
    • Add a Real Time Rule to the Data Loss Prevention Policy
    • Understand Exclusions in a Real Time Rule
    • Supported Applications
    • Add a SaaS API Rule to the Data Loss Prevention Policy
    • Discovery Scan
    • Edit a Data Loss Prevention Rule
    • Delete a Data Loss Prevention Rule
    • Enable or Disable a Data Loss Prevention Rule
    • Supported File and Form Types
  • Manage the Firewall Policy
    • Add a Firewall Rule
    • Add an FQDN List to a Firewall Rule
      • Bypass SWG using FQDN
    • Delete a Firewall Rule
    • Configure IPS Settings for Firewall Policy
    • Change a Firewall Priority
    • Monitor Hit Count
    • Edit Hit Count
    • Review Firewall Logs in Reports
    • Check Protocol of Firewall Traffic
  • Manage IPS
    • Add a Custom Signature List
    • Delete a Custom Signature List
    • Reset a Signature's Action
  • Manage Security Settings
    • Add a DNS Security Setting
    • Add a Web Security Setting
    • Dispute a Security Categorization
    • DNS Security Categories
    • Web Security Categories
    • Third-party Security Integrations
    • Set Up Custom Integrations
    • Custom Integration Best Practices
  • Manage Content Categories
    • Add a DNS Content Category Setting
    • Legacy DNS Content Category Definitions
    • DNS Content Categories
    • DNS Content Category Changes
    • Add a Web Content Category Setting
    • Web Content Categories
    • Web Content Category Name Changes
    • Migrate Content Categories
    • Dispute a Content Categorization
    • View Content Categories in Reports
  • Manage Data Classifications
    • Create a Data Classification
    • Copy and Customize a Built-In Data Classification
    • Delete or Edit a Classification
    • Create an Exact Data Match Identifier
    • Index Data for an EDM
    • Exact Data Match Field Types
    • Create an Indexed Document Match Identifier
    • Built-In Data Classifications
  • Built-In Data Identifiers
    • Copy and Customize a Data Identifier
    • Create a Custom Identifier
    • Custom Regular Expression Patterns
    • Individual Data Identifiers
  • Manage Application Settings
    • Add a DNS Application Setting
    • Add a Web Application Setting
    • Delete an Application Setting
    • Application Categories
    • Manage Advanced App Controls
  • Manage Tenant Controls
    • Add a Tenant Controls Setting
    • Control Cloud Access to Microsoft 365
    • Control Cloud Access to Google G Suite
    • Control Cloud Access to Slack
    • Control Cloud Access to Dropbox
    • Review Tenant Controls Through Reports
  • Manage Destination Lists
    • Add a DNS Destination List
    • Add a Web Destination List
    • Add a SAML Bypass Destination List
    • Edit a Destination List
    • Add Destinations in Bulk
    • Download Destinations to a CSV File
    • Control Access to Custom URLs
    • Wildcards and Destination Lists
    • Add Top-Level Domains To Destination Lists
    • Add Punycode Domain Name to Destination List
    • Test Your Destinations
    • Troubleshoot DNS Destination Lists
  • Manage File Analysis
    • Enable File Inspection for DNS Policies
    • Enable File Inspection for the Web Policy
    • Enable Cisco Secure Malware Analytics (Threat Grid)
    • Test File Inspection
    • Troubleshoot File Inspection
  • Manage File Type Control
    • Enable File Type Control
    • File Types to Block
    • Review File Type Controls Through Reports
  • Manage Selective Decryption
    • Add a Web Selective Decryption List
    • Enable Certificate Error Handling
  • Manage Schedule Settings for the Web Policy
    • Add a New Schedule Setting for the Web Policy
  • Manage Certificates
    • Install the Cisco Umbrella Root Certificate
    • Add Customer CA Signed Root Certificate
    • Delete Customer CA Signed Root Certificate
    • View Cisco Trusted Root Store
  • Manage the Intelligent Proxy
    • Enable the Intelligent Proxy
    • Test the Intelligent Proxy
    • Test Selective Decryption
    • Review the Intelligent Proxy Through Reports
    • Enable SSL Decryption
    • Test SSL Decryption
  • Manage Umbrella's PAC File
    • Deploy Umbrella's PAC File for Windows
    • Deploy Umbrella's PAC File for Mac
    • Upload Custom PAC Files to Umbrella
  • Manage Proxy Chaining
    • Forwarded-For (XFF) Configuration
  • Customize Block and Warn Pages
    • Create a Custom Block Page
    • Create a Custom Warn Page
    • Allow Users to Contact an Administrator
    • Add a Custom Logo
    • Redirect to a Custom Block Page
    • Block Page IP Addresses
    • Set Up a Block Page Bypass User
    • Create a Block Page Bypass Code
    • Enable Block Page Bypass in a Policy
  • Manage Tunnels
    • Check Device Compatibility
    • Add Network Tunnel Identity
    • Supported IPsec Parameters
    • Connect to Cisco Umbrella Through Tunnel
    • Monitor Network Tunnel Status
  • Network Tunnel Configuration
    • Configure Tunnels with Catalyst SD-WAN cEdge and vEdge
    • Configure Tunnels Automatically with Catalyst SD-WAN cEdge and vEdge
    • Configure Tunnels with Meraki MX – Option 1
    • Configure Tunnels with Meraki MX – Option 2
    • Configure Tunnels with Cisco Adaptive Security Appliance (ASA)
    • Configure Tunnels with Cisco ISR
    • Configure IKEv2 IPsec Tunnel with Umbrella
    • Configure Tunnels Automatically with Cisco ASA and CDO
    • Configure Tunnels with Cisco Secure Firewall
    • Configure Tunnels with Palo Alto IPsec
    • Configure Tunnels with Alibaba Cloud IPsec
    • Configure Tunnels with Palo Alto Prisma SDWAN
    • Configure Tunnels with Cisco Router in AWS
    • Configure Tunnels with Azure IPsec
    • Configure Tunnels with Oracle Cloud IPsec
    • Configure Tunnels with Google Cloud Platform IPsec
    • Configure Tunnels with Sophos XG IPsec
    • Configure Tunnels with Silver Peak
    • Configure Tunnels with Fortinet IPsec
    • Configure Tunnels with Checkpoint GAiA
    • Configure Tunnels with NEC IX2000/3000 Series Router
  • Manage Accounts
    • Add a New Account
    • Delete an Account
    • Change Account Settings
    • Hide Identities with De-identification
  • Manage User Roles
    • Add a New User
    • Add a Custom User Role
  • Manage API Keys
    • Add Umbrella API Keys
    • Add Umbrella Legacy API Keys
    • Add Static API Keys
    • Add KeyAdmin API Keys
  • Manage Your Logs
    • Upgrade Reports
    • Enable Logging to Your Own S3 Bucket
    • Enable Logging to a Cisco-managed S3 Bucket
    • Change the Location of Event Data Logs
    • Stop Logging
    • Delete Logs
    • Log Formats and Versioning
      • Reports and CSV Formats
      • Admin Audit Log Formats
      • Cloud Firewall Log Formats
      • Data Loss Prevention (DLP) Log Formats
      • DNS Log Formats
      • IPS Log Formats
      • Web Log Formats
  • Manage Authentication
    • Enable Two-Step Verification
    • Disable Two-Step Verification
    • Enable Cisco Security Cloud Sign On
    • Disable Cisco Security Cloud Sign On
    • Get Started with Single Sign-On
    • Enable SSO with Duo
    • Enable SSO with PingID
    • Enable SSO with Okta
    • Enable SSO with OneLogin
    • Enable SSO with Azure
    • Enable SSO with Other IDPs
  • Manage Secure ICAP
  • Manage Cloud Malware Protection
    • Enable Cloud Malware Protection
    • Revoke Authorization for a Platform
    • Enable Cloud Malware Protection for AWS Tenants
    • Enable Cloud Malware Protection for Azure Tenants
    • Enable Cloud Malware Protection for Box Tenants
    • Enable Cloud Malware Protection for Dropbox Tenants
    • Enable Cloud Access Security Broker Features for Google Drive Tenants
    • Enable Cloud Access Security Broker Features for Microsoft 365 Tenants
    • Enable Cloud Malware Protection for ServiceNow Tenants
    • Enable Cloud Malware Protection for Slack Tenants
    • Enable Cloud Malware Protection for Webex Teams Tenants
  • Manage SaaS API Data Loss Prevention
    • Enable SaaS API Data Loss Protection for AWS Tenants
    • Enable SaaS API Data Loss Protection for Azure Tenants
    • Enable SaaS API Data Loss Protection for Box Tenants
    • Enable SaaS API Data Loss Protection for Dropbox Tenants
    • Enable SaaS API Data Loss Protection for Google Drive Tenants
    • Enable SaaS API Data Loss Protection for Microsoft 365 Tenants
    • Enable SaaS API Data Loss Protection for ServiceNow Tenants
    • Enable SaaS API Data Loss Protection for Slack Tenants
    • Enable SaaS API Data Loss Protection for Webex Teams Tenants

Identity Integrations

  • Introduction
  • Configure SAML Integrations
    • Prerequisites
    • SAML Certificate Renewal Options
    • Configure Azure AD for SAML
    • Configure Okta for SAML
    • Configure AD FS for SAML
    • Configure Duo Security for Cisco Umbrella SAML
    • Configure PingID for SAML
    • Configure OpenAM for SAML
    • Configure Other IdPs for SAML
    • Enable IP Surrogates for SAML
    • Configure SAML for Multiple EntityIDs
  • Provision Identities from Active Directory
    • Prerequisites for AD Connectors
    • Configure Authentication for AD Connectors and VAs
    • Configure Updates on AD Connector
    • Connect Active Directory to Umbrella
    • Deploy LDIF Files for AD Connector
    • View AD Components in Umbrella
    • Connect Multiple Active Directory Domains to Umbrella
    • Change the Connector Account Password
    • Communication Flow and Troubleshooting
  • Provision Identities Through Manual Import
  • Provision Identities from Microsoft Entra ID
  • Provision Identities from Okta
  • Active Directory Integration with Virtual Appliances
    • Prerequisites for AD Integration with VAs
    • Configure Active Directory User Exceptions
    • Prepare Your Active Directory Environment
    • Connect Active Directory to Umbrella VAs
    • Multiple Active Directory and Umbrella Sites
    • Change the Connector Account Password
    • Communication Flow and Troubleshooting

Reports

  • Get Started with Reports
    • Export Report Data to CSV
    • Bookmark and Share Reports
    • Report Retention
  • Schedule Reports
    • Schedule a Report
    • Update a Scheduled Report
  • Overview Report
  • Security Activity Report
    • View Activity and Details by Filters
    • View Activity and Details by Event Type or Security Category
    • View an Event's Details
    • Search for Security Activity
  • Activity Search Report
    • Use Search and Advanced Search
  • App Discovery Report
    • View the Highest Risk Apps
    • Review Apps in the Apps Grid
    • View App Details
    • Change App Details
    • Control Apps
    • Advanced App Controls
    • View Traffic Data Through SWG
    • View CDFW Events
  • Top Threats Report
    • Threat Type Details
    • Threat Type Definitions
  • Total Requests Report
  • Activity Volume Report
  • Top Destinations Report
    • Destination Details
  • Top Categories Report
    • Category Details
  • Top Identities Report
    • Identity Details
  • Admin Audit Log Report
    • Export Admin Audit Log Report to an S3 Bucket
  • Cloud Malware Report
  • Data Loss Prevention Report
  • Third-Party Apps Report
    • View App Details

Manage Roaming Client

  • Introduction
    • Prerequisites
  • Download and Install the Roaming Client
    • Verify Roaming Client Operation
  • Configure DNS Policies for Roaming Computers
  • Identity Support for the Roaming Client
  • Status, States, and Functionality
  • Virtual Appliances
  • Troubleshooting
  • Domain Management
  • Configure Protected Networks for Roaming Computers
  • Roaming Computers Settings
  • Encryption and Authentication
  • Command-line and Customization for Installation
  • Remote Logging and Diagnostics
  • macOS Mobile Device Management

Umbrella Roaming Security: Cisco Secure Client

  • Introduction
  • Umbrella Roaming Security: Cisco Secure Client (formerly AnyConnect)
    • Prerequisites
    • Deploy Umbrella module in Cisco Secure Client
      • Manual Installation of Cisco Secure Client (Windows and macOS)
      • Mass Deployment Overview
      • Mass Deployment (Windows)
      • Customize Windows Installation of Cisco Secure Client
      • Mass Deployment (macOS)
      • Customize macOS Installation of Cisco Secure Client
      • VPN Headend Deployment
      • Secure Firewall Management Center and Secure Firewall Threat Defense
      • Migration from Umbrella Roaming Client
      • Install the Root Certificate
      • Automatic Updates
      • Cloud Management
      • Additional References
      • Remote Monitoring and Management Deployment Tutorials
    • Meraki Systems Manager (SM) Deployment
    • Enable the Umbrella SWG Agent
    • DNS Protection Status
    • SWG Protection Status
    • Interpret Diagnostics
  • Active Directory Policy Enforcement and Identities
  • Virtual Appliances
  • Domain Management
  • Configure Protected Networks for Roaming Computers
  • Roaming Computer Settings

Manage Virtual Appliance

  • Introduction
    • Prerequisites
    • Deployment Guidelines
    • Importance of Running Two VAs
  • Deploy Virtual Appliances
    • Configure Authentication for Virtual Appliances
    • Deploy VAs in Hyper-V for Windows 2012 or Higher
    • Deploy VAs in VMware
    • Deploy VAs in Microsoft Azure
    • Deploy VAs in Amazon Web Services
    • Deploy VAs in Google Cloud Platform
    • Deploy VAs in KVM
    • Deploy VAs in Nutanix
    • Deploy VAs in Alibaba Cloud
  • Configure Virtual Appliances
  • Local DNS Forwarding
  • Reroute DNS
  • Update Virtual Appliances
  • Virtual Appliance Sizing Guide
  • SNMP Monitoring
  • Troubleshoot Virtual Appliances
  • Other Configurations

Sites and Internal Networks

  • Internal Networks Setup Guide
  • Provision a Subnet for Your Virtual Appliance
  • Manage Sites
  • Manage Internal Networks
  • Assign a DNS Policy to Your Site

Managed iOS Device

  • Cisco Security Connector: Umbrella Setup Guide
    • Quick Start
  • Meraki Registration
    • Verify Umbrella with Meraki
    • Meraki Documentation
  • IBM MaaS360 Registration
  • Intune Registration
  • Jamf Registration
  • MobiConnect Registration
  • MobileIron Registration
    • MobileIron Configuration
  • Workspace ONE Registration
  • Register an iOS Device Through a Generic MDM System
  • Apply a DNS Policy to Your Mobile Device
    • Umbrella Reporting
  • Add User Identity for Cisco Security Connector
  • Anonymize Devices
  • Export Device Data to CSV
  • Troubleshooting
  • Push the Umbrella Certificate to Managed Devices
  • Configure Cellular and Wifi Domains

Managed Android Device

  • Cisco Secure Client (Android OS)
  • Deploy the Android Client
    • Android Configuration Download
    • Cisco Meraki MDM
    • MobileIron MDM
    • VMware Workspace ONE
    • Microsoft Intune MDM
    • Samsung Knox MDM
    • Push the Umbrella Certificate to Managed Devices
    • Manage Pop-Ups and App Controls
  • Manage Identities
  • Export Device Data to CSV
  • Troubleshooting
  • Frequently Asked Questions

Unmanaged Mobile Device Protection

  • Umbrella Unmanaged Mobile Device Protection
  • Administrator Actions
  • End-User Actions

Cisco Security for Chromebook Client

  • Get Started
  • Migration Scenarios
  • Prerequisites
  • Limitations
  • Google Workspace Identity Service
  • Integrate Google Workspace Identities
  • Deploy the Chromebook Client
    • Bypass Internal Domains from DNS-over-HTTPS (DoH)
    • Enable Reporting for Private IP Address of Chromebook Device
    • Export Device Data to CSV
    • Verify and Debug
  • Protection Status
  • Chromebook-Specific DNS Policy
  • Chromebook-Specific Web Policy
  • Chromebook Client - FAQs
  • Google Workspace Identity Service FAQs

Hardware Integration

  • Integration for ISR 4K and ISR 1100 – Security Configuration Guide
    • Create a Legacy Network Devices API Token
  • Wireless LAN Controller Integration
  • Meraki Cloud-Managed Networks and Umbrella DNS
    • Set Up Umbrella for a Meraki Network
    • Configure DNS Forwarder for Umbrella
  • Mobility Express Integration
    • Configure Mobility Express for Umbrella
  • Cisco SD-WAN Powered by Catalyst SD-WAN and Umbrella
  • Integration for RV-series Routers
  • Cisco Catalyst 9200 and Catalyst 9300 Switches
  • Cisco DNA Center
  • Cisco Secure Firewall

Cisco Adaptive Security Appliances (ASA)

  • Integration for ASA Overview
    • Prerequisites
  • Import the Digicert Certificate Authority
  • Configure the Umbrella Connector
    • Verify Operation
  • Monitor the Umbrella Connector
  • Delete an ASA

Manage Authentication

Suggest Edits

You can manage how administrators log into your Umbrella dashboard. You can use two-step verification, single sign-on, or enable two-step verification in the SSO IdP.

We recommend using Duo for both SSO and two-step verification.


Web Log Formats < Manage Authentication > Enable Two-Step Verification

Updated 3 months ago