Cisco Secure Connect Account Setup FAQ

Last updated
Save as PDF

This is a collection of common questions and issues around the account setup process:

This article outlines common questions and issues related to Cisco Secure Connect account setup, including supported use cases and known limitations. It also highlights technical constraints and caveats, such as the inability to file Secure Connect support tickets directly from the Umbrella dashboard.

Note: If you encounter issues, check out the Account Setup Troubleshooting guide.

What use cases ARE supported?

One to one (1:1) Meraki to Umbrella organization (org) mapping
- Pre-existing Meraki org (Meraki Brownfield)
- New Meraki org (Meraki Greenfield)
- Pre-existing Umbrella org (Umbrella Brownfield)*
  - See exceptions below
- New Umbrella org (Umbrella Greenfield)
- Umbrella customers with the Multi-org can continue to use Multi-org with Cisco Secure Connect. To do this, they must order Multi-org at the same time when they order Secure Connect. It's crucial to note that there is no direct integration between Secure Connect and Multi-org. Customers can access Multi-org via their existing Multi-org dashboard. Furthermore, the use of Multi-org will remain limited to DNS content and security policy management.

What use cases are NOT supported?

One-to-many Meraki to Umbrella org mapping
Many-to-one Meraki to Umbrella org mapping
Umbrella Remote Browser Isolation is not supported in Secure Connect
Upgrade of an Umbrella Org that was purchased through EA

Are there any technical limitations regarding one-to-many and many-to-one org mapping?

A 1:1 org mapping between one Meraki org and one Umbrella org is required for Secure Connect. It is established through API key exchange, initiated by the onboarding process (email). This ensures that single sign-on (SSO), reporting, and other capabilities work as intended.

A one-to-many relationship between Meraki and Umbrella orgs is not supported.

What are the known caveats?

Umbrella orgs are not “aware” of which Meraki org they are mapped to. Implications of this are:

Users cannot file a Secure Connect Support ticket from the Umbrella dashboard after logging into Umbrella directly.
Users cannot launch directly into their Meraki org after logging into Umbrella directly.

Note: if you need to contact support for any help with the following issues, providing them with a the Umbrella Organization ID and link to your Meraki Dashboard will expedite the process. See below for how to find your Umbrella org ID. How to Contact Support

How can I change the email account associated with Secure Connect?

To change the email account associated with Secure Connect, you should contact Secure Connect support. They will assist you in updating the email account to the desired one.

What happens if the name does not coincide with the business name of our company?

If the name in the welcome email does not coincide with the business name of your company, you should contact Secure Connect support. They will assist you in resolving any discrepancies and updating the information to accurately reflect your business name.

What is the org number that appears in the welcome email, and how can I benefit from knowing it?

The org number that appears in the welcome email is a unique identifier for your organization within the Secure Connect system. Knowing your org number can be beneficial when communicating with Secure Connect support or referencing your organization's account details. It helps them quickly locate and identify your organization in their systems, making it easier to provide you with the necessary support and assistance.

When you are logged into the Umbrella dashboard, check the URL in the address bar: https://dashboard.umbrella.com/o/<*OrgID*>/#/<*page*>
<OrgID> represents your unique Umbrella Org ID.

How can I get the email re-sent?

If you need the welcome email to be resent, you can reach out to Secure Connect support and request a re-send. They will be able to assist you in sending the email to the specified email address again.

How can I confirm if an Umbrella or Meraki dashboard is associated with the account the email was sent to?

To confirm if there is any existing Umbrella or Meraki dashboard associated with the account the email was sent to, you can check your email inbox for any previous communications or account activation emails from Secure Connect.

Additionally, you can contact Secure Connect support, provide them with the account details, and request confirmation. They will be able to verify if there are any Umbrella or Meraki dashboards already linked to the account.

Why aren't the dashboards linking automatically?

There can be various reasons for this issue. It could be due to mismatched emails between the logged-in user and the order, technical glitches, configuration mismatches, or compatibility issues. In such cases, it is best to reach out to Secure Connect support for troubleshooting assistance. They can help identify the root cause of the problem and guide you in resolving it.

The new provisioning process and API keys

We are improving the way we integrate with Cisco’s SSE engine and will soon retire our use of Umbrella Legacy API Keys. As a part of this effort, we will generate new API keys (KeyAdmin Keys) for your organization. Related to those efforts is the new provisioning process that uses the new API key type and improves onboarding experience. Below questions are related to these upcoming improvements.

Are we going to transition away from Legacy API keys?

Absolutely! We are in the process of creating new backfill API keys within the Umbrella KeyAdmin Keys type. These new keys are being introduced to facilitate a smooth transition for your organization and ensure that the usage of existing Legacy keys remains uninterrupted. The migration is designed to be seamless, without additional manual steps.

Does this imply a shift away from Legacy API keys?

Yes it does! Post-General Availability (GA), the Legacy Keys associated with Umbrella will no longer be used for Secure Connect functions.

In the event a customer employs DNS Umbrella with Legacy API keys, will the migration impact this? Could it affect other integrations they might have?

Not at all. Introducing the new backfill keys is a non-disruptive process that will neither delete nor rotate any existing keys that are operational within Meraki or other systems. After the GA milestone is reached, it will be possible to update the legacy keys without compromising the Secure Connect integration.

Is the key type verified during automated or manual provisioning processes?

Yes, the key type verification is a part of the new provisioning system. Once it becomes generally available (GA), it will allow only a key of the 'KeyAdmin Keys' type. Requests with other Umbrella keys, such as API Keys, Static Keys, and Legacy Keys, will result in failure to complete the provisioning process.

Is the organization validated during automated or manual provisioning processes?

Yes. The new provisioning system, once GA, will not accept a key associated with a different organization.

What happens if I don't see Secure Connect capabilities activated in the Umbrella or Meraki dashboard?

If you don't see Secure Connect capabilities activated in the Umbrella dashboard, it could be due to various reasons such as account provisioning issues or a delay in the activation process. In such cases, it is recommended to contact Secure Connect support and inform them about the situation. They will be able to investigate and ensure that the Secure Connect capabilities are properly activated in your Umbrella dashboard.

I have already integrated my MX with Umbrella, how do I complete setup for Secure Connect?

Organizations that have configured the Meraki MX - Umbrella DNS Integration will have the Umbrella Network Devices API key present in the Meraki org. Automatic API key exchange will fail and require manual sharing of keys. View this article for details. Policies will be preserved in this case.

Note: The Network Device API key should already be present but the Management and Reporting API keys will have to be created new.

If the Network Device API key is stored, re-use this token when provisioning Secure Connect. It should auto-populate in the manual API key flow.
If the Network Device API key is NOT stored:
- Refresh the Umbrella Network Devices API token (this breaks the existing Umbrella DNS integration)
- Re-apply the newly refreshed token to the Meraki networks using the Umbrella DNS integration

I have integrated my MR with Umbrella, how do I complete setup for Secure Connect?

Manually Integrated MR and Umbrella DNS

Organizations that have Manually Integrated Umbrella DNS with MR will have the Umbrella Network Devices API key present in the Meraki org. Automatic API key exchange will fail and require manual sharing of keys. View this article for details. Policies will be preserved in this case.

Note: The Network Device API key should already be present but the Management and Reporting API keys will have to be created new.

If the Network Device API key is stored, re-use this token when provisioning Secure Connect. It should auto-populate in the manual API key flow.
If the Network Device API key is NOT stored:
- Refresh the Umbrella Network Devices API token (this breaks the existing Umbrella DNS integration)
- Re-apply the newly refreshed token to the Meraki networks using the Umbrella DNS integration

Automatically Integrated MR and Umbrella DNS

Organizations that have Automatically Integrated Umbrella with Meraki MR must first contact support to remove the integration. Policies will not be preserved in this case. Then, complete the account setup from the appropriate guide here.

For Service Providers who have a mix of MR-Advanced and Secure Connect customers see our Account Setup Troubleshooting article.