Cisco Meraki

Cisco+ Secure Connect - IdP Azure AD SAML Configuration


This guide provides the steps to configure Security Assertion Markup Language (SAML) authentication with Active Directory (AD), providing individual user and group-based identities for policy enforcement.


Go to Secure Connect -> MONITOR -> Users, select your identity provider, and click Start under "Bring Your ID Provider".


This will take you to the Umbrella Dashboard. In this quickstart, you use the Azure Active Directory Admin Center to add an enterprise application (Cisco Umbrella) to your Azure Active Directory (Azure AD) tenant. You will configure Cisco Umbrella as a SAML-based SSO provider.

To complete the Azure configuration, you first need to download the Umbrella metadata file.

Step  1           On Cisco Umbrella, navigate to Deployments->Configuration->SAML Configuration and click Add

Step  2           Select Azure as your Identity Provider (IdP) and click Next


Step  3           On the resulting screen, select Download the Umbrella Metadata file and leave this screen open. You will pick up configuration from this point later.


Step  4           Go to the Azure Active Directory Admin Center and sign in

Step  5           In the left menu, select Enterprise applications. The All applications pane opens and displays a list of the applications in your Azure AD tenant.

Step  6           In the Enterprise applications pane, select New Application.

Note: The Browse Azure AD Gallery pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Cisco Umbrella is listed twice in this gallery; however, these listings are not applicable for this use case (SAML authentication of remote access users).

Step  7           Select Create your own application and enter a name that you want to use to recognize the instance of the application. For example, SAML for Cisco Umbrella for RAS.



Step  8           Select Integrate any other application you don’t find in the gallery (non-gallery)

Step  9           Select Create

Step  10        In the resulting Overview screen, select Assign users and groups


Step  11        On the resulting screen, select Add user/group



Step  12        On the resulting Add Assignment pane, select None Selected under Users and groups.

Search for and select the user that you want to assign to the application. For example,

Step  13        Select Select.

Step  14        On the Add Assignment pane, select Assign at the bottom of the pane.

Enable Single Sign-On

Now that you’ve selected your users, in the Manage section of the left menu select Single sign-on to open the Single sign-on pane for editing.

Step  15        Select the SAML tile to continue


Step  16        On the resulting screen, select Upload metadata file. This is the XML file that you downloaded from Cisco Umbrella in Step 3.


Step  17        Once the upload is successful, click Save on the resulting Basic SAML Configuration pane


Step  18        Scroll down to the SAML Signing Certificate section and download the Federation Metadata XML


Step  19        Now upload this Azure metadata XML file to Cisco Umbrella (where you left off at Step 3 above) and click Next


Step  20        From the Re-Authenticate Users drop-down list, choose how often Umbrella re-authenticates users: Never, Daily, Weekly, or Monthly


Step  21        Click Save

Step  22        To verify that the integration is successful, press the Test Configuration button



A success looks like this:



If you receive a failure, go back to Azure and click the Test button and follow the resolution guidance provided.


Next Steps
See Cisco+ Secure Connect Azure SCIM Integration
