Onboard Experience Insights

Private Preview

Use the Experience Insights onboarding wizard to connect Secure Access to your Cisco ThousandEyes account for end user experience monitoring of endpoint, application, and network performance.

Table of Contents

Prerequisites

  • An active Cisco ThousandEyes account with the Organization Admin role. For more information, see Role-Based Access Control and Built-in Roles and Permissions in ThousandEyes documentation.
    • The administrator who received email notification of Secure Access activation will also receive email notification of ThousandEyes activation. Follow ThousandEyes provisioning instructions within 72 hours of receiving the activation email. If the activation email is expired, visit the ThousandEyes login page and click Forgot password?
  • The ThousandEyes login account group is correct for integration with Experience Insights.
  • Cisco Secure Client must be installed on your endpoints. The ThousandEyes endpoint agent is included in the installation.
  • If you intend to use RAVPN as the target for the synthetic network default test, it must be configured.

Procedure

Navigate to Experience Insights > Insights Management > Management, then click Begin onboarding.

Step 1: ThousandEyes integration

Experience Insights requires the integration of your ThousandEyes account. Click the Integrate button to launch ThousandEyes and follow the onscreen prompts.

Log into ThousandEyes using an account with the Organization Admin role.

Confirm that you authorize the following Secure Access permissions in ThousandEyes:

  • Read organization - Allows the reading of the organization credentials, account groups, users, user events, roles, permissions, usage and quotas.
  • Manage endpoint agents - Allows the end user to manage their endpoint agents.
  • Manage endpoint tests - Allows the end user to manage their endpoint tests.
  • Manage tags - Allows the end user to manage their tags and labels.
  • Read tests - Allows the end user to read their tests and the respective results.

📘

OAuth 2.0 with ThousandEyes

ThousandEyes uses the OAuth 2.0 protocol to grant Secure Access limited access to your ThousandEyes data. For more information, see OAuth 2.0 with ThousandEyes.

Once you confirm, the Experience Insights onboarding wizard reloads with the Integration successful message. Click Next.

Step 2: Default test target

Select the security connection method that is most commonly used by your endpoints for the synthetic network test. Test target options are Zero Trust Access, RAVPN, and SWG Roaming Module.

Synthetic tests allow you to identify performance issues with user journeys to destinations. Post-onboarding, you can change the target, including selecting a custom (public or private application) target.

Step 3: Unified collaboration application

Select your organization's primary collaboration application to view a real-time summary of its performance during user interactions, including overall health score. You can update your selection later.

Select the most commonly used collaboration application used in your organization: Webex, Zoom, Microsoft Teams, or None.

Note: The number and type of endpoint tests you can create in Experience Insights is based on your license. For information, see About Endpoint Agent Tests.

Step 4: ThousandEyes agent

Endpoints must be registered to your Secure Access organization to be monitored for performance.

When you deployed Cisco Secure client to your endpoints, the ThousandEyes Endpoint Agent was installed. The ThousandEyes Endpoint Agent will register to your Secure Access org automatically once your endpoints have connected to VPN, ZTA, or Roaming module so that you can monitor their performance.

For endpoints that are not using one of those security connection methods, you must register the ThousandEyes Endpoint Agent manually by copying and pasting the command script on the endpoints.

For Secure Client installation instructions, see Get Started and Manage Client-based Zero Trust Access from Mobile Devices and Download Cisco Secure Client.

For an example of how to use an MDM to register the ThousandEyes endpoint agent, see Deploy Cisco ThousandEyes Module via Microsoft Intune.

The registration script includes a ThousandEyes connection string that is unique to your organization. Your organization's connection string is the parameter following the --register argument.

"C:\Program Files (x86)\Cisco\Cisco Secure Client\ThousandEyes Endpoint Agent\csc_te_agent" --register <connection string>
sudo /Applications/Cisco/Cisco\ Secure \Client\ -\ ThousandEyes\ Endpoint\ Agent.app/Contents/MacOS/csc_te_agent --register <connection string>

Note: Navigate to Experience Insights > Configure Account to find your organization's registration scripts at any time after onboarding is completed.

For more information, see Cisco Secure Client ThousandEyes Endpoint Agent Module.

Result of Onboarding

Once you complete the Experience Insights onboarding wizard and the registration of one or more endpoints, data reported by the ThousandEyes endpoint agent will appear in your Experience Insights dashboard.

Navigate to Experience Insights > Management to confirm that your endpoint is reporting data.


About Experience Insights < Onboard Experience Insights > Cisco AI Assistant for Experience Insights