Purpose
This guide explains how to generate the required API key and scopes in Cisco Umbrella, and how to use those credentials in Logsign USO to ingest organization-level activity logs for security analytics and forensic purposes.
Log in to Cisco Umbrella Dashboard
Visit: https://dashboard.umbrella.com
Log in with your admin credentials.
Create an API Key
Go to the Admin section in the left-hand menu.
Click on API Keys.
Click the “Add” button.
Set API Key Configuration
| Field | Description |
| --- | --- |
| API Key Name | Choose a name (e.g., Logsign Integration) |
| Expiry Date | Recommended: Never Expire |
| Scopes | Admin / Organizations → Read-Only; Reports → Read-Only |
These two scopes are essential for retrieving organization activity logs via API.
Save and Note the Following Details
Once you create the key, Cisco will display:
Client ID
Client Secret
Organization ID (visible in your browser URL: https://dashboard.umbrella.com/o/**1112233**#/admin/apikeys)
Configure Integration in Logsign USO
After obtaining these credentials from Cisco Umbrella, you can log in to Logsign USO and add a new data source. During the data source configuration, you will be required to enter the Client ID, Client Secret, and Organization ID as specified above.
Before performing this operation, please make sure that your Cisco Umbrella product is not a trial version, as trial accounts may not support API-based log access. You must have Insights or Platform licenses.
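Before entering the key in Logsign USO, you can confirm that it authenticates and can read activity logs. The following pre-flight check is an added example, not code from Logsign or Cisco; the two endpoint URLs and the `from`/`to`/`limit` parameters are assumptions taken from Cisco's public Umbrella API v2 documentation rather than from this guide, and the environment variable names are hypothetical.

```python
"""Pre-flight check for an Umbrella API key before it is entered in Logsign USO."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed endpoints (Cisco Umbrella API v2 public docs; not stated in this guide).
TOKEN_URL = "https://api.umbrella.com/auth/v2/token"
ACTIVITY_URL = "https://api.umbrella.com/reports/v2/activity"


def token_request(client_id, client_secret):
    """OAuth2 client-credentials request; HTTP Basic auth carries the key pair."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def activity_request(access_token):
    """Smallest useful Reports read: one activity record from the last day."""
    query = urllib.parse.urlencode({"from": "-1days", "to": "now", "limit": 1})
    return urllib.request.Request(f"{ACTIVITY_URL}?{query}", headers={
        "Authorization": f"Bearer {access_token}"})


def preflight(client_id, client_secret, send=urllib.request.urlopen):
    """Return (ok, message). `send` is injectable so the check can be tested offline."""
    try:
        with send(token_request(client_id, client_secret)) as resp:
            token = json.load(resp)["access_token"]
    except urllib.error.HTTPError as err:
        return False, f"token request rejected (HTTP {err.code}): check Client ID/Secret"
    try:
        with send(activity_request(token)) as resp:
            json.load(resp)
    except urllib.error.HTTPError as err:
        return False, f"activity read rejected (HTTP {err.code}): check Reports scope and license"
    return True, "key can read activity logs"


if __name__ == "__main__":
    import os
    # Hypothetical variable names; reading from the environment keeps the secret off the command line.
    if "UMBRELLA_CLIENT_ID" in os.environ:
        print(preflight(os.environ["UMBRELLA_CLIENT_ID"], os.environ["UMBRELLA_CLIENT_SECRET"])[1])
```

A rejected token request points at the Client ID or Client Secret; a rejected activity read with a valid token points at a missing Reports scope or an unsupported license.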