Meraki

from_afar · ‎Sep 29 2024

If a user signs in to the VPN via SAML and Admin > Authentication > SAML authentication is configured and working, does a user signing in to the VPN authenticate them to Umbrella as well? I can't seem to find an answer in the docs and testing seems like it is not working that way.

PhilipDAth · ‎Sep 30 2024

You don't say which Idp you are using, and the answer depends. If the Idp is configured to allow it - then yes.

from_afar · ‎Sep 30 2024

Thanks for the reply.

by Idp do you mean identity provider? I have configured Azure SAML for admin login and that seems to work fine:

I can log in to the admin dashboard via Azure.

I have also configured SAML settings in deployment:

and when I "test" that configuration it says it passes.

However, I can't find or see anything that identifies whether or not if a user authenticates via AnyConnect Azure SAML whether or not they will be authenticated to Umbrella and thus can have policies etc. applied to their Azure account.

Does this Idp allow this? Is there somewhere I'm missing where this would get configured?

Appreciate the help.

PhilipDAth · ‎Sep 30 2024

I can't find the specific document, but Cisco Secure Client reports to Umbrella who the currently logged in user is (nothing to do with VPN). The user doesn't need to authenticate to Umbrella seperately.

In the Entra ID sync users to Umbrella document, it talks about the attributes that are required to be synced to allow this information to be sent.

Meraki

Community

Does AnyConnect SAML Authentication also authenticate user for Umbrella?

Does AnyConnect SAML Authentication also authenticate user for Umbrella?