Provision OrgInfo.json and AnyConnect via ISE for Umbrella

Available Languages

Download Options

  • PDF     (1.5 MB)
    View with Adobe Reader on a variety of devices
Updated:September 29, 2025
Document ID:225085

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to provision the OrgInfo.json profile and AnyConnect client using Identity Services Engine (ISE) for Umbrella integration.

    Prerequisites

    • Access to the Umbrella dashboard
    • Access to the ISE dashboard
    • Umbrella Module Profile (OrgInfo.json)
    • AnyConnect Headend Deployment Package (Windows or macOS)
    • ISE Posture Compliance Library (Windows or macOS)
    • Latest ISE patch installed (to avoid Cisco bug ID CSCvz01485 )


    Not Covered:

    • ISE Authentication and Authorization policies
    • ISE Client Provisioning Portal and client redirection

    Preparation Steps

    1. Access the Umbrella dashboard and download the Umbrella Module Profile (OrgInfo.json) fromDeployments > Roaming Computers > Download > Download Module Profile.
      1329462468405213294624684052
    2. Download the AnyConnect Headend Deployment Package from the Cisco Software Download page, selecting the version appropriate for your deployment.
      13295068420244132950684202441329506906971613295069069716
    3. Download the ISE Posture Compliance Library from the Cisco Software Download page, selecting the version appropriate for your deployment.
      13295164717716132951647177161329515587458013295155874580

    ISE Configuration

    1. Access the ISE dashboard and navigate toWork Centers > Posture > Client Provisioning > Resources > Add > Agent resources from local disk.
      1329600141621213296001416212

    2. SelectCisco Provided Package > Choose File, upload the AnyConnect Headend Deployment Package, and clickSubmitandConfirm.
      1329613466331613296134663316

    3. Repeat the process to upload the ISE Posture Compliance Library:
      • SelectCisco Provided Package > Choose File, upload the ISE Posture Compliance Library, and clickSubmitandConfirm.1329642412648413296424126484
    4. Upload the OrgInfo.json profile:
      • SelectCustomer Created Package > Select AnyConnect Profile > Add Name > Choose File > OrgInfo.json > Submit.
        1329664451317213296644513172

    5. Add the AnyConnect Posture Profile:
      • Go toWork Centers > Posture > Client Provisioning > Resources > Add > AnyConnect Posture Profile.
        1329677132802013296771328020

      • Add a profile name and server name rules (wildcarded, comma-separated names that define the servers that the agent can connect to for example,*.cisco.com), then clickSubmit.
        1329683264642013296832646420
        1329848767797213298487677972

    6. Add AnyConnect Configuration:
      • Navigate toWork Centers > Posture > Client Provisioning > Resources > Add > AnyConnect Configuration.1329719412661213297194126612

      • Select the AnyConnect Package, add a configuration name, select the Compliance Package, choose the AnyConnect Modules (Umbrella and Diagnostic), select the ISE Profile, select the Umbrella Profile, and clickSubmit.1329738233358813297382333588
    7. Assign the AnyConnect Configuration to the Client Provisioning Policy:
      • Go toWork Centers > Posture > Client Provisioning > Client Provisioning Policy.
        1329799353550813297993535508

      • Edit the policy and underResults, add the AnyConnect Configuration, then clickSave.
    8. Create an Authorization Policy to redirect clients to the Client Provisioning Portal. (This step is outside the scope of this guide.)

    1338016947086813380169470868

    Client side Configuration

    1. Once the client is able to get the redirection from the Client Provisioning Portal click Start: 1338023360795613380233607956
    2. Select This is my first time here and it begins downloading AnyConnect: 1338033433602013380334336020
    3. Open/run the downloaded file and it starts the process:
      1338021220750813380212207508
    4. When "Trusted and Secure Connection" message appears click Connect if the ISE information is correct: 1338023339995613380233399956
    5. Once the "Installation is completed" message appears click Quit:

      1338023330882013380233308820

    6. You can close all other windows. Umbrella has been installed, plus the ISE Posture module:
      1338021209230813380212092308

    Revision History

    Revision Publish Date Comments
    1.0
    29-Sep-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • TAC

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products