9/5/2023

Firepower FTD Remote Access VPN SSO using SAML and Azure AD, with Azure AD Conditional Access to Duo 2FA, and Cisco ISE for Authorization and Group Policy Assignment

This blog will focus on using Cisco Secure Client (formerly known as Cisco AnyConnect) to establish a remote access VPN connection to a Cisco Secure Firewall (FTD), with user authentication sent to Microsoft Azure Active Directory (AAD) via a SAML request; AAD in turn authenticates the user against its own user store. There are multiple components to this solution, and while there are a few different approaches to accomplish the end goal, I wanted to focus on a solution that didn't require an onsite Duo Authentication Proxy server.

In addition, Azure kicks off a two-factor authentication request to Duo through an Azure Conditional Access policy. Once the user has authenticated successfully with AAD/Duo, the firewall sends an authorization request to the on-prem ISE server. If the request matches the policy conditions, the ISE Authorization Profile returns a Cisco ASA/FTD VSA, which the firewall uses to assign the VPN user to a specific Group Policy.

This is helpful if you'd like to differentiate access based on the user's group memberships. The Group Policy defines the specific details for that VPN connection (restrictions through ACLs, split tunnels, client modules, etc.).
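The authorization step above hinges on what the ISE Access-Accept actually carries back to the firewall. The following is an added example, not code from the original post or from Cisco: it builds a constructed RADIUS Access-Accept the way a server would, verifies the Response Authenticator with the shared secret before trusting anything in it, and then extracts the group-policy name from the Cisco VSA (vendor ID 3076, sub-attribute 25 "Group-Policy"), falling back to the IETF Class attribute in "OU=<name>" form, which ASA/FTD also honor. The shared secret, request authenticator and group-policy names are constructed sample values.

```python
"""Decode the group-policy assignment an ISE Access-Accept carries for an ASA/FTD."""
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
ATTR_CLASS = 25              # IETF Class; ASA/FTD also accept "OU=<group-policy>" here
ATTR_VENDOR_SPECIFIC = 26
CISCO_ASA_VENDOR_ID = 3076   # Cisco VPN3000/ASA vendor ID used for ASA/FTD RADIUS VSAs
CISCO_VSA_GROUP_POLICY = 25  # "Group-Policy" sub-attribute under vendor 3076


def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute: Type(1) Length(1) Value."""
    return struct.pack("!BB", atype, 2 + len(value)) + value


def vsa(vendor_id: int, vtype: int, value: bytes) -> bytes:
    """Encode a Vendor-Specific attribute (type 26) wrapping one vendor sub-attribute."""
    return attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + attr(vtype, value))


def build_access_accept(identifier: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Build an Access-Accept as a RADIUS server would (RFC 2865 section 3):
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs


def parse_attrs(data: bytes) -> list:
    """Walk a TLV attribute list, rejecting truncated or zero-length attributes."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return attrs


def verify_access_accept(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Check code, declared length and Response Authenticator before trusting any attribute."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def group_policy_from_accept(packet: bytes, request_auth: bytes, secret: bytes):
    """Return the group policy named in the Access-Accept, or None if it names none."""
    if not verify_access_accept(packet, request_auth, secret):
        raise ValueError("Access-Accept failed authenticator check")
    class_fallback = None
    for atype, value in parse_attrs(packet[20:]):
        if atype == ATTR_VENDOR_SPECIFIC and len(value) >= 6:
            vendor_id = struct.unpack("!I", value[:4])[0]
            if vendor_id != CISCO_ASA_VENDOR_ID:   # e.g. vendor 9 (Cisco IOS) is ignored
                continue
            for vtype, vvalue in parse_attrs(value[4:]):
                if vtype == CISCO_VSA_GROUP_POLICY:
                    return vvalue.decode("ascii")
        elif atype == ATTR_CLASS and value.startswith(b"OU="):
            class_fallback = value[3:].decode("ascii")
    return class_fallback


# Constructed sample: a hypothetical ISE answers request ID 7 with group policy "GP-Engineering".
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE_ACCEPT = build_access_accept(
    7, REQUEST_AUTH, vsa(CISCO_ASA_VENDOR_ID, CISCO_VSA_GROUP_POLICY, b"GP-Engineering"), SECRET)

if __name__ == "__main__":
    print(group_policy_from_accept(SAMPLE_ACCEPT, REQUEST_AUTH, SECRET))  # GP-Engineering
```

Two points worth noting when troubleshooting the assignment: an Access-Accept that carries neither the 3076/25 VSA nor a usable Class attribute yields None here, and on the firewall that corresponds to the user landing in the connection profile's default group policy rather than the intended one; and the authenticator check is why a RADIUS shared-secret mismatch between FTD and ISE shows up as the firewall silently discarding the reply rather than as an explicit authorization failure.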