Configure Umbrella for Migration to Secure Access and Security Cloud Control

Introduction

This document describes how to migrate from Umbrella to Secure Access using Security Cloud Control (SCC).

Background information

Umbrella customers are encouraged to migrate from Umbrella to Secure Access and required to use Security Cloud Control to manage all their cloud security products as part of these changes. This allows you to have a single pane of glass to manage their cloud security products which includes Cisco Secure Access.

Multi-org is not currently supported (at the time of the creation of this article).

Prerequisites

• Current DNS or SIG Subscription
• Full Admin Access to Umbrella
• Access to Security Cloud Control

Preparation Stages

1. Prepare for Migration

1. Ensure that you have a DNS or SIG subsctiption on Umbrella:

• Navigate to Admin > Licensing to verify
• Upgrade to Secure Access must be displayed at the top of the page:

ii. Make note of the org ID, in this example 8350166.

iii. Select the Request Invitation option on the licensing page.

Note: If the Upgrade to Secure Access is not present then ensure that the Umbrella package is DNS or SIG (multi-org or ad-ons are not currently supported at the time of the writing of this article).

iv. Wait 3-4 business days and you must receive an email with your subscription claim code. Please see example email here:

2. Log in to SCC using your existing Cisco login credentials

i. Navigate to Security Cloud Control portal and login with your Cisco login credentials.

Note: The same Cisco login credentials used to access your Umbrella dashboard.

ii. Select Create new organization (if you do not have an existing one).

iii. Enter the new organization name in the New Organization name field.

iv. Select the appropriate region from the Region deployment drop-down menu.

Note: This must be the grographical region where your tenant would be deployed to.

Example here:

v. Then select Continue to complete the org creation.

3. Link Umbrella org to SCC and claim subscription

i. Select Claim subscription button to claim it with the codes provided from step 1 above.

ii. Your Umbrella org ID must be seen in the Subscriptions page as well with the invitation to attach it to SCC.

Note: The Umbrella org ID must be the same as on your Umbella Dashboard. This is important for the migration and to ensure that both SCC and Umbrella have been linked.

- Select Attach product to attach your Umbrella org to SCC.

- When attached, you must see the Cisco Secure Access as a product in the same page as shown on the example here:

iii. Enter the claim code and select Next:

iv. Select Attach existing instance from the Create new instance or attach existing drop-down menu:

v. Review the settings:

• Ensure that the (Existing instance) is part of the product name
• The region must be set to the existing region of the attached Secure Access instance
• Select Claim move to move to the next page

• Confirm the subscription claim:

• After successful claim and provisioning you must get a Subscriptions page similar to the one here, showing all your activated products:

4. Apply the license to Secure Access Instance

i. Select Action required option:

ii. Select Appy license:

Verify Secure Access Link to SCC

Use this section to verify that your Secure Access tenant has been linked to SCC.

1. Product activation status in Subscriptions

Verify that the Cisco Secure Access <License Type> product Instance has been activated:

2. Secure Access in Product list

Secure Access must now be listed under Products as well:

Migrate from Umbrella to Secure Access

1. Log back into Umbrella with the same account as above.
2. Navigate to the new menu item Upgrade Manager:

3. In the Upgrade Manager page, select Start under Enable Cisco Security Cloud Sign on

4. Select ENABLE SAML under SAML Dashboard User Configuration to link your SCC as SAML provider for dashboard login:

5. Test SAML configuration with the TEST CONFIGURATION option:

6. The login page of SCC must appear in a different pop-up window (ensure that pop-up blocker is disabled):

When prompted, login with your SCC credentials.

When the login has been verified, you must get the message here, confirming it. At which point the SAML part is almost complete:

You must then be returned to the SAML Dashboard User Configuration portion again:

• Green tick shows that the SAML settings have been correctly configured
• Select NEXT to continue

Save and notify users of the changes:

SAML configuration completed:

7. Upgrade to Secure Access by selecting Upgrade in the Start Upgrade section:

• Allow the upgrade to continue:

• When completed, you must get a page like on the image here:

8. Redirect traffic to Secure Access

• Confirmation of the redirection being completed. In the example only the network identity was migraded from Umbrella to Secure Access:

9. Complete the upgrade and migration to Secure Access

Caution: This completely removes your Umbrella org and is not reversible so be sure all items have been completely migrated before carrying out this step.

• When you select Close Umbrella on the image here, you are going to lose access to your umbrella org as it gets deleted:

Verify Migration

1. Log into Secure Access with your login credentials
2. Navigate to Secure > Access Policy to display the migrated rules, as on the example here. The org ID must be the same as in section Prepare for Migration above.

Related Information

• Umbrella Documentation
• Technical Support & Documentation - Cisco Systems