Home > Endpoint Management > Apps and Software > Cisco Security Connector (CSC)

Cisco Security Connector (CSC)

Overview

Cisco Security Connector (CSC) is the latest round of innovation to come out of the Cisco-Apple partnership, delivering Clarity (AMP for Endpoints) and Umbrella exclusively through Cisco Meraki Systems Manager to enable a new level of visibility and security to supervised iOS 11 devices. This article details how to configure your Cisco Meraki Dashboard console for CSC.

For general information on CSC, see here, or visit the respective pages for Clarity and Umbrella.

 

Required Steps/At-a-Glance

  • Enroll your devices in supervision, usually through DEP

  • Register for VPP to distribute applications licenses to each device

  • Set up your Cisco Meraki Dashboard account with licensing for Meraki Systems Manager

  • Provision licenses in the VPP portal for each of your devices to eventually use

  • Enroll your devices and ensure they are supervised

  • Enable API access in the Meraki Dashboard and generate a key

  • Enter the key into the Cisco AMP and Cisco Umbrella consoles

Register for DEP and VPP

To deploy the Cisco Security Connector to your devices, you will need to supervise your devices, typically through DEP, and distribute the application through VPP. For more information on these Apple Programs, see Apple’s official deployment guide here: https://help.apple.com/deployment/business

We recommend following the above link and registering your organization for these accounts with Apple in advance, as Apple DEP and VPP processing can take several days and is required prior to deploying CSC.

Device Enrollment Program

CSC can only be configured on supervised iOS 11 devices. The easiest way to supervise devices is with Apple’s Device Enrollment Program, or DEP, which allows you to automate supervision and enrollment during the initial device setup steps by pairing a device with Systems Manager even before it’s delivered and powered on. This means that iOS devices out of the box will check into Apple’s servers, enroll into Systems Manager, and pull down pre-configured apps and profiles, including Cisco Security Connector, automatically.

Volume Purchase Program

VPP is an Apple program that allows you to centrally manage your organization’s application licensing, for both free and paid apps. Distributing apps through VPP allows you to grant and revoke licenses to devices while retaining central ownership, and also install apps ‘silently’ on iOS devices without requiring the end user to confirm or sign in with an Apple ID.

Set up the Meraki Dashboard

Note that these steps need to be completed by an organization admin.

You’ll first need to create a Meraki Dashboard account or sign into an existing one. If your organization is not yet licensed for Systems Manager, claim your purchased license key under Organization > License info before you continue setting up the Dashboard or enrolling devices. After claiming your license, you will see “Systems Manager - Enabled (paid)”.

If you do not have a Systems Manager network yet, navigate to Organization > Create network to create an EMM network for your devices to enroll into. If you have Meraki hardware, this can be combined with your hardware networks through Organization > Overview.

In order to push CSC configurations to your devices, you will need to create a new profile under Systems manager > Manage > Settings. By default, this profile will install on all iOS devices that are enrolled into your network. To narrow the selection of devices CSC is deployed to, you can change the tag scope on the profile. Your devices can be tagged to receive this profile in a later step. For more information on creating profiles, see this article.

Set Up VPP

After setting up your organization’s VPP account with Apple, sign into the VPP portal and provision licenses for Cisco Security Connector. Although it is a free application, licenses still need to be ‘purchased’ (at no cost) in your VPP account in order to install applications seamlessly on your enrolled iOS devices. Ensure you have at least one license for each of the devices you plan to deploy CSC to.

To automate enrollment into Systems Manager, we also recommend provisioning Meraki Systems Manager licenses for each of your devices as well.

Once licenses have been provisioned, follow these steps to link your VPP account to the Meraki Dashboard. Once linked, you should see your CSC licenses available in Systems manager > Manage > VPP.

For more information on using VPP, refer to this article.

Set Up DEP

After registering your DEP account (see above) you will need to complete the follow steps to automatically enroll and supervise your devices in Systems Manager. The following steps are all detailed in our DEP setup guide.

  1. Link your DEP account to the Meraki Dashboard

  2. Add your devices into DEP by order or serial number

  3. Assign settings to supervise your devices. If you changed the tag scope of your profile, you can edit the tags of the device in the DEP page to match the profile at this step.

  4. Boot up your device for the first time, or factory reset it if already deployed. After connecting to wireless during the setup assistant, your device should automatically enroll into Systems Manager.

To confirm a device was successfully enrolled and supervised, navigate to Systems manager > Monitor > Clients and select the device. You should see under the management section: “Supervised: Yes”.

 

For more information on using DEP, refer to this article.

Deploying the Connector

The last steps involve linking your AMP and Umbrella consoles to the Meraki Dashboard and deploying CSC to your devices.

 

First, enable API access on your Dashboard and generate an API key as described in this article. Copy the API key, and follow the steps below to enter it into the AMP and Umbrella consoles respectively.

 

Note that this key is tied to your Dashboard administrator account, meaning that the AMP and Umbrella consoles will have visibility into all Meraki networks that your account is an organization admin for.

Deploying Clarity

For additional documentation on AMP, see here.

Sign into your AMP console and navigate to Accounts > Business. Select Cisco Meraki EMM Integration under the ‘Features’ section and paste your Dashboard API key.

Follow AMP’s documentation to configure policies to push down to your devices. Once configured, navigate to Management > Deploy Connector. Select the Group you wish to install onto your devices, then select the Meraki Dashboard organization, network, and profile that you created previously, and click ‘Update’.

 

If you return to the Meraki Dashboard, you should now see a ‘Cisco Clarity’ payload added to your profile in Systems Manager > Manage > Settings. In the AMP console, you can monitor your devices under Dashboard > iOS Clarity.

Settings_-_Meraki_Dashboard.png

Deploying Umbrella

Sign into your Umbrella console and follow Umbrella’s documentation to configure your desired policies. To link the account to Systems Manager, navigate on the side menu to Identities > Mobile Devices.

 

 

At the top of the screen, click on link MDM and paste in your Meraki API key. Select your Meraki organization, network, and then profile. Ensure that ‘Provision Umbrella root certificate’ is checked, then save changes. If the profile has been scoped for devices they will now appear in the Mobile Devices list.

If you return to the Meraki Dashboard, you should now see an ‘Umbrella DNS Proxy’ payload added to your profile in Systems Manager > Manage > Settings.

Settings_-_Meraki_Dashboard.png

Confirming Installation

After pushing Clarity or Umbrella settings, you can confirm if your profile was successfully pushed to your devices by navigating to Systems manager > Manage > Settings, and checking the installation status at the bottom. To troubleshoot install status, see the following section.

The CSC application should also be automatically configured under Systems manager > Manage > Apps with the same scope ‘Automatic’ as the profile. You may need to click ‘Try new version’ at the top of the page to see the configuration.

 

On the iOS device, the CSC app should install and indicate ‘Protected’ For Clarity or Umbrella when launched.

IMG_D63AC69E5C9C-1.jpeg

Troubleshooting

The few issues you may encounter when deploying the connector through Systems Manager can typically be categorized as:

  1. Failure to install the profile settings

  2. Failure to install the CSC app

 

If questions arise with integrating DEP/VPP, or with installing the app and profile after reading through documentation, contact Meraki Support. For all other questions related to the Umbrella and Clarity products, contact Umbrella support or TAC for AMP.

CSC App Indicates ‘Not Protected’ or Profile Fails to Install

If the app indicates not protected after pushing the profile, confirm that the profile was correctly scoped for the device. You can also check the client details page and confirm the management profile is correctly installed.

If you see an ‘updates pending’ under the management setting, this means that the profile update has not yet installed. The most common cause for this is if the device is not supervised, which will result in the profile never installing. You can confirm supervision status in the same section ‘Supervised: Yes’. If the device is not supervised, review the DEP documentation and be sure to assign settings to supervise.

Otherwise, ensure the device has network connectivity and hit ‘Check-in now’, or wait a few minutes for the profile to install.

 

CSC App Fails to Install

The most common cause of app install failures is the lack of VPP licenses or an incorrect VPP link. For symptoms and troubleshooting tips, see this article.

API Issues

The Dashboard admin needs organization-write access in order to initially configure DEP, VPP, and link the API key to the other Cisco consoles. For issues troubleshooting API commands, refer to API docs here or on the developer portal.

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 6653

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community