Onboard Experience Insights
Private Preview
Use the Experience Insights onboarding wizard to connect Secure Access to your Cisco ThousandEyes account for end user experience monitoring of endpoint, application, and network performance.
Prerequisites
- An active Cisco ThousandEyes account with the Organization Admin role. For more information, see Role-Based Access Control and Built-in Roles and Permissions in ThousandEyes documentation.
- The administrator who received email notification of Secure Access activation will also receive email notification of ThousandEyes activation. Follow ThousandEyes provisioning instructions within 72 hours of receiving the activation email. If the activation email has expired, visit the ThousandEyes login page and click Forgot password?
- The ThousandEyes login account group is correct for integration with Experience Insights.
  - The Login Account Group determines ThousandEyes test and agent visibility to Secure Access Experience Insights. For more information, see What is an Account Group? in ThousandEyes documentation.
  - The ThousandEyes User Profile for the integration account must have a Login Account Group intended for integration with Secure Access. For more information, see Role-Based Access Control: Login Account Group and Role-Based Access Control: Account Groups Screen in ThousandEyes documentation.
- Cisco Secure Client must be installed on your endpoints. The ThousandEyes endpoint agent is included in the installation.
  - For information about installation, see Download Cisco Secure Client.
  - For information about installing Secure Client on multiple endpoints, see Mass Deployment Overview.
- If you intend to use RAVPN as the target for the synthetic network default test, it must be configured.
  - For instructions, see Manage Virtual Private Networks.
Procedure
Navigate to Experience Insights > Insights Management > Management, then click Begin onboarding.
Step 1: ThousandEyes integration
Experience Insights requires the integration of your ThousandEyes account. Click the Integrate button to launch ThousandEyes and follow the onscreen prompts.

Log into ThousandEyes using an account with the Organization Admin role.

Confirm that you authorize the following Secure Access permissions in ThousandEyes:
- Read organization - Allows the reading of the organization credentials, account groups, users, user events, roles, permissions, usage and quotas.
- Manage endpoint agents - Allows the end user to manage their endpoint agents.
- Manage endpoint tests - Allows the end user to manage their endpoint tests.
- Manage tags - Allows the end user to manage their tags and labels.
- Read tests - Allows the end user to read their tests and the respective results.
OAuth 2.0 with ThousandEyes
ThousandEyes uses the OAuth 2.0 protocol to grant Secure Access limited access to your ThousandEyes data. For more information, see OAuth 2.0 with ThousandEyes.
Once you confirm, the Experience Insights onboarding wizard reloads with the Integration successful message. Click Next.

Step 2: Default test target
Select the security connection method that is most commonly used by your endpoints for the synthetic network test. Test target options are Zero Trust Access, RAVPN, and SWG Roaming Module.

Synthetic tests allow you to identify performance issues with user journeys to destinations. Post-onboarding, you can change the target, including selecting a custom (public or private application) target.
Step 3: Unified collaboration application
Select your organization's primary collaboration application to view a real-time summary of its performance during user interactions, including overall health score. You can update your selection later.

Select the collaboration application most commonly used in your organization: Webex, Zoom, Microsoft Teams, or None.
Note: The number and type of endpoint tests you can create in Experience Insights is based on your license. For information, see About Endpoint Agent Tests.
Step 4: ThousandEyes agent
Endpoints must be registered to your Secure Access organization to be monitored for performance.
When you deployed Cisco Secure Client to your endpoints, the ThousandEyes Endpoint Agent was installed. The ThousandEyes Endpoint Agent registers to your Secure Access org automatically once your endpoints have connected to VPN, ZTA, or the Roaming module, so that you can monitor their performance.
For endpoints that are not using one of those security connection methods, you must register the ThousandEyes Endpoint Agent manually by copying and pasting the command script on the endpoints.

For Secure Client installation instructions, see Get Started and Manage Client-based Zero Trust Access from Mobile Devices and Download Cisco Secure Client.
For an example of how to use an MDM to register the ThousandEyes endpoint agent, see Deploy Cisco ThousandEyes Module via Microsoft Intune.
The registration script includes a ThousandEyes connection string that is unique to your organization. Your organization's connection string is the parameter following the --register argument.
Windows:
"C:\Program Files (x86)\Cisco\Cisco Secure Client\ThousandEyes Endpoint Agent\csc_te_agent" --register <connection string>
macOS:
sudo /Applications/Cisco/Cisco\ Secure\ Client\ -\ ThousandEyes\ Endpoint\ Agent.app/Contents/MacOS/csc_te_agent --register <connection string>
Note: Navigate to Experience Insights > Configure Account to find your organization's registration scripts at any time after onboarding is completed.
For more information, see Cisco Secure Client ThousandEyes Endpoint Agent Module.
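When the macOS registration command is pushed to many endpoints, the organization-unique connection string can be kept out of the script body by reading it from a file that only its owner can access. The wrapper below is an added example, not Cisco-provided code; the separate connection-string file and the TE_AGENT override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Cisco code): wrapper around the macOS registration command.
# Assumption: your MDM drops the connection string into a separate root-only
# file; TE_AGENT can be overridden for testing. Both are hypothetical choices.

# Agent path as shown on this page.
TE_AGENT="${TE_AGENT:-/Applications/Cisco/Cisco Secure Client - ThousandEyes Endpoint Agent.app/Contents/MacOS/csc_te_agent}"

# True only if $1 is a regular file with no group/other permission bits set.
is_private_file() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# register_te_agent <connection-string-file>
# Returns 0 on success, 2 agent missing, 3 file too permissive, 4 empty string.
register_te_agent() {
    conn_file=$1
    if [ ! -x "$TE_AGENT" ]; then
        echo "ThousandEyes agent not found: $TE_AGENT" >&2; return 2
    fi
    if ! is_private_file "$conn_file"; then
        echo "refusing $conn_file: must exist with no group/other access" >&2; return 3
    fi
    conn=$(head -n 1 "$conn_file")   # first line only; trailing newline stripped
    if [ -z "$conn" ]; then
        echo "connection string file is empty: $conn_file" >&2; return 4
    fi
    # Note: the string is still visible in the process argument list while the
    # agent runs, because the agent takes it as a command-line parameter.
    "$TE_AGENT" --register "$conn"
}

# Run as root from the MDM: sh register_te.sh /path/to/connection-string-file
if [ "$#" -gt 0 ]; then
    register_te_agent "$1"
fi
```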
Result of Onboarding
Once you complete the Experience Insights onboarding wizard and the registration of one or more endpoints, data reported by the ThousandEyes endpoint agent will appear in your Experience Insights dashboard.
Navigate to Experience Insights > Management to confirm that your endpoint is reporting data.

Updated 14 days ago