Configure Umbrella SSO Validation for Multi-Org Consoles

Available Languages

Download Options

  • PDF     (5.2 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (80.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (65.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 29, 2025
Document ID:225325

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes additional steps needed to configure single sign-on (SSO) for a multi-org parent console in Cisco Umbrella.

    Overview

    When configuring single sign on in the presence of a multi-org parent console, additional steps are required. To get started, see the Umbrella guide on configuring SSO for multi-org consoles.

    Common Issues

    SSO Validation Step

    Validation popup redirects to the parent console rather than the SSO provider.

    To resolve this issue:

    1. Add the parent organization admin to the child organization directly as a Full Admin under Admin > Accounts.

    2. Invite the existing user and accept the email-based invite.

    3. Once added, validate SSO.

    SSO Does Not Work for a Few Accounts on the Console

    Ensure all accounts that are doing SSO are added directly into the organization with SSO enabled. If not directly added (even with parent console sourced access), the accounts cannot be SSO enabled.

    Cannot Sign into Account when I Am SSO Enabled

    If an account is activated on two organizations with SSO enabled, access to the dashboard is lost. The SSO redirect on login.umbrella.com/sso can display an error.

    Revision History

    Revision Publish Date Comments
    1.0
    29-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products