Setting Up the Cisco Security Connector App with Jamf School

The Cisco Security Connector for iOS is full Umbrella DNS protection for supervised iOS devices.

Important: Cisco Security Connector works best in a 1:1 configuration and can cause issues on iPads with Shared iPad enabled.

Setting up the Cisco Security Connector with Jamf School involves the following steps:

  1. Download and deploy the Cisco Security Connector App.

  2. Configure a profile for the Root Certificate.

  3. Configure a profile for the DNS proxy.

  4. Scope the app and profile to devices.

The steps covered in this document require you to have a basic understanding of distributing apps and profiles to devices in Jamf School.

General Requirements

To set up and deploy the Cisco Security Connector app, you need supervised mobile devices.

Downloading and Deploying the Cisco Security Connector App

It is recommended that you use volume purchasing through Apple School Manager to deploy the Cisco Security Connector App to your devices. For more information, see Distributing Apps and Books Purchased with Apple School Manager.

Configuring a Profile for the Root Certificate

  1. Download the Umbrella Root CA .cer file for use on iOS devices. This certificate allows for error-less HTTPS block pages. To obtain the root certificate, do the following:

    1. In Cisco Security Connector, navigate to Policies > Root Certificate.

    2. Click Download Certificate.

    3. Save as a .cer file.

  2. Create a new profile in Jamf School.
    For more information, see Device Profiles.

  3. Use the Certificates payload to upload the root certificate.

Configuring a Profile for the DNS Proxy

  1. Download the generic profile from the Umbrella dashboard.

  2. Use the following example to edit the profile. Remove any red, bold text and add any blue, italic underlined text.

    Important: Do not copy the text below, this is only an example and is not functional. Only use the generic download configuration from your dashboard.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>PayloadContent</key>
    <array>
    <dict>
    <key>AppBundleIdentifier</key>
    <string>com.cisco.ciscosecurity.app</string>
    <key>PayloadDescription</key>
    <string>Cisco Umbrella</string>
    <key>PayloadDisplayName</key>
    <string>Cisco Umbrella</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.dnsProxy.managed.{pre-filled in the download}</string>
    <key>PayloadType</key>
    <string>com.apple.dnsProxy.managed</string>
    <key>PayloadUUID</key>
    <string>{pre-filled in the download}</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>ProviderBundleIdentifier</key>
    <string>com.cisco.ciscosecurity.app.CiscoUmbrella</string>
    <key>ProviderConfiguration</key>
    <dict>
    <key>disabled</key>
    <false/>
    <!-- Copy from here to paste into the Jamf School UI to provision a DNS proxy -->
    <dict>
    <key>disabled</key>
    <false/>
    <key>internalDomains</key>
    <array>
    <string>10.in-addr.arpa</string>
    <string>16.172.in-addr.arpa</string>
    <string>17.172.in-addr.arpa</string>
    <string>18.172.in-addr.arpa</string>
    <string>19.172.in-addr.arpa</string>
    <string>20.172.in-addr.arpa</string>
    <string>21.172.in-addr.arpa</string>
    <string>22.172.in-addr.arpa</string>
    <string>23.172.in-addr.arpa</string>
    <string>24.172.in-addr.arpa</string>
    <string>25.172.in-addr.arpa</string>
    <string>26.172.in-addr.arpa</string>
    <string>27.172.in-addr.arpa</string>
    <string>28.172.in-addr.arpa</string>
    <string>29.172.in-addr.arpa</string>
    <string>30.172.in-addr.arpa</string>
    <string>31.172.in-addr.arpa</string>
    <string>168.192.in-addr.arpa</string>
    <string>local</string>
    </array>
    <key>logLevel</key>
    <string>verbose</string>
    <key>orgAdminAddress</key>
    <string>{pre-filled in the download}</string>
    <key>organizationId</key>
    <string>{pre-filled in the download}</string>
    <key>regToken</key>
    <string>{pre-filled in the download}</string>
    <key>serialNumber</key>
    <string>%SerialNumber%</string>
    </dict>
    <!-- End copy -->
    <key>PayloadDisplayName</key><string>Cisco Security</string><key>PayloadIdentifier</key><string>com.cisco.ciscosecurity.app.CiscoUmbrella.{pre-filled in the download}</string><key>PayloadRemovalDisallowed</key><false/><key>PayloadType</key><string>Configuration</string><key>PayloadUUID</key><string>{pre-filled in the download}</string><key>PayloadVersion</key><integer>{pre-filled in the download}</integer></dict></plist>

  3. Create a new profile in Jamf School.
    For more information, see Device Profiles.

  4. Use the DNS Proxy payload to configure the following settings:

    1. Enter "com.cisco.ciscosecurity.app" in the App Bundle ID field.

    2. Enter "com.cisco.ciscosecurity.app.CiscoUmbrella" in the Provider Bundle ID field.

  5. Add the XML file you created in step 2 to the Provider Configuration.

Distributing the Cisco Security Connector App and Profile

You can now scope the Root certificate and DNS proxy profiles and the Cisco Security Connector app to your iOS devices. For more information, see Device Profiles and Distributing Apps and Books Purchased with Apple School Manager. Once this is complete, you should have a working Cisco Security Connector setup.

Related Information

For related information, see Cisco Security Connector - Umbrella Setup Guide in the Cisco Umbrella User Guide.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.