Cisco Secure Connect - Sign-on Once
Overview
Secure Connect is delivered via capabilities based on both Meraki and Umbrella dashboards. The goal of the Sign-on Once Between dashboards is to create one unified experience between Secure Connect ( Meraki ) and Umbrella dashboard.
Assumptions
- The Admin User will log into the Secure Connect ( Meraki ) dashboard directly, before accessing any Umbrella pages.
- This integration only works with users that have the Secure Connect ( Meraki ) org synced with an "enabled" Umbrella org (API Integration is successful).
- Admin users only need to be created once, and from the Secure Connect ( Meraki ) dashboard.
- Sync is one-way Secure Connect ( Meraki ) -> Umbrella.
- New Admins added to (or updated in) Umbrella will not sync to Secure Connect ( Meraki ) yet.
- Sync includes add, update, and delete.
- If an admin's email attempting to be synced already exists in Umbrella, the admin's account will be updated matching Meraki permissions.
- Example: Admin-A was a read-only user existing in Umbrella. If Admin-A is added as a full-access admin in Secure Connect ( Meraki ) , they will become a full access admin in the Secure Connect enabled Umbrella org.
- If an admin's email attempting to be synced already exists in Umbrella, the admin's account will be updated matching Meraki permissions.
Sign-On Once
This enables logged-in Secure Connect users to automatically be logged-in to the Umbrella dashboard when clicking on any Umbrella link, regardless of whether they've manually logged-in to Umbrella.
Prerequisites :
- API Integration to provision Secure Connect has been done.
- Admin user has the same email address in Meraki and Umbrella (see Admin Sync below).
Meraki Admin Configuration
Add an Administrator to the desired Secure Connect org.
Notice: Secure Connect Admins must have org-level permissions (read or write).
-
Network-only access will not allow Secure Connect access, and will not sync.
Once this is done, the users can be directed between dashboards smoothly. See example below:
- In Secure Connect, there is a link to an Umbrella page (note the icon: )
- When a user clicks a link () they will be automatically logged into the Secure Connect enabled org in Umbrella, and routed to the relevant page
- There will be a link to Secure Connect support visible at all times.
- There will be a link to the last Secure Connect (Meraki) page visible at all times.
Admin Sync
The admin sync feature automatically syncs new and existing Secure Connect admin users and permissions from Secure Connect ( Meraki ) to Umbrella. This ensures that admin user accounts in both Secure Connect ( Meraki ) and Umbrella dashboards in order to seamlessly navigate between them; this also attributes changes made in the Secure Connect dashboard to the individual user, rather than the organization.
We ensure that all admin users have the same email configured on the Umbrella side with admin sync.
Notice: Admin who has generated API Keys will not be deleted/updated by Admin Sync to preserve API Keys.
-
Example: Admin-A is the one who generated Umbrella API keys during the integration procedure. Admin-A left the company and their record is deleted from the Secure Connect ( Meraki ) side; there are still connections between Admin-A and Umbrella API keys. In this case, the new administrator Admin B should re-generate API keys, remove Admin A directly from Umbrella, and re-do the integration under Secure Connect -> Umbrella API keys section.
For Creating user accounts: Cisco Secure Connect - User Account Creation