https://community.cisco.com/t5/vpn/cisco-duo-ldaps-migration-to-saml-with-daps/m-p/4824982#M288945 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/235624">@LindseyJGreen</a>&nbsp;If my understanding is correct , what you are saying here is when deploying SAML as an authentication for SSL VPN it does not use DAP ( Dynamic Access Policy ) . It is not true as&nbsp;DAP applies to all remote access and clientless sessions and cannot be disabled – it is always running from the moment the ASA is powered on .&nbsp;</P> Sun, 30 Apr 2023 20:47:15 GMT Salman Mahajan 2023-04-30T20:47:15Z https://community.cisco.com/t5/vpn/cisco-duo-ldaps-migration-to-saml-with-daps/m-p/4824115#M288907 <P>We currently use Cisco Duo with LDAPS for our SSL VPN Clients. On the firewall (ASA5508) we have Dynamic Access Policies in place, allowing certain Active Directory groups access to certain subnets.</P> <P>&nbsp;</P> <P>When testing moving to SAML (Hybrid AzureAD with on prem domain controllers) for MFA, this no longer uses DAP.</P> <P>How can we secure our different networks on a per user basis instead?</P> <P>Thanks</P> Fri, 28 Apr 2023 11:57:45 GMT https://community.cisco.com/t5/vpn/cisco-duo-ldaps-migration-to-saml-with-daps/m-p/4824115#M288907 LindseyJGreen 2023-04-28T11:57:45Z https://community.cisco.com/t5/vpn/cisco-duo-ldaps-migration-to-saml-with-daps/m-p/4824982#M288945 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/235624">@LindseyJGreen</a>&nbsp;If my understanding is correct , what you are saying here is when deploying SAML as an authentication for SSL VPN it does not use DAP ( Dynamic Access Policy ) . It is not true as&nbsp;DAP applies to all remote access and clientless sessions and cannot be disabled – it is always running from the moment the ASA is powered on .&nbsp;</P> Sun, 30 Apr 2023 20:47:15 GMT https://community.cisco.com/t5/vpn/cisco-duo-ldaps-migration-to-saml-with-daps/m-p/4824982#M288945 Salman Mahajan 2023-04-30T20:47:15Z