https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878069#M313 <DIV class="duo-migrated-content"><P>Is this an ASA? Did you follow these directions: <A href="https://duo.com/docs/ciscoasa-ldap" class="inline-onebox">Cisco ASA SSL VPN for Browser and AnyConnect | Duo Security</A>?</P> <P>It sounds like there is a misconfiguration or other issue with the <A href="https://duo.com/docs/ciscoasa-ldap#modify-the-sign-in-page">customized Duo login page</A> , because when configured correctly the ASA browser SSL VPN login page does not show a text input field for the second password, but instead loads the interactive Duo 2FA prompt where a new user could complete inline self-enrollment.</P></DIV> Wed, 26 May 2021 21:30:52 GMT DuoKristina 2021-05-26T21:30:52Z https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878066#M310 <DIV class="duo-migrated-content"><P>Hi<BR /> I am trying to remove the secondary password option on my Cisco AnyConnect SSL VPN web portal - so new users can sign in using their AD username and password, and proceed to register their device once signed on.</P> <P>new users do not have the secondary password to login, if that makes sense.</P> <P>The duo is synced with AD security group.</P> <P>Is there an option/setting for me to change?</P> <P>thanks<BR /> Aisling</P></DIV> Wed, 26 May 2021 11:22:52 GMT https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878066#M310 aisling.natola 2021-05-26T11:22:52Z https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878067#M311 <DIV class="duo-migrated-content"><P>Hi Aisling,<BR /> I see that you have an open support case about this as well, and it looks like you may have gotten the answer there already, but I am going to share it here as well for the wider community’s benefit <IMG width="20" height="20" src="https://community.cisco.com/legacyfs/online/ciscoduo/cdn_emojis/twitter/smiley.png" style="display : inline;" /></P> <P>Users can self-enroll via the Duo Authentication Prompt if they are able to log in to the ASA VPN using a browser. You can <A href="https://duo.com/docs/self-service-portal#enabling-the-self-service-portal">enable the Self-service portal through the Duo Admin Panel</A> and users can enroll the device when you set a <A href="https://duo.com/docs/policy#new-user-policy">new user policy</A> to require enrollment.</P> <P>If only AnyConnect client access is permitted, users cannot self-enroll and must be enrolled using <A href="https://duo.com/docs/enrolling-users#automatic-enrollment">automatic</A> or <A href="https://duo.com/docs/enrolling-users#manual-enrollment">manual enrollment</A>.</P></DIV> Wed, 26 May 2021 14:30:45 GMT https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878067#M311 Amy2 2021-05-26T14:30:45Z https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878068#M312 <DIV class="duo-migrated-content"><P>Hi Amy,</P> <P>Thanks for getting back to me.</P> <P>My issue here is – new users do not have secondary password sign so cannot log onto the AnyConnect VPN via browser because the portal page is asking for two passwords.</P> <P>New users cannot have a secondary password yet as they have to log onto this portal with username and password from AD – and then register their device and set up 2fA. My question is how do you disable the secondary password field on the login page so users only are prompt for login creds - AD username and password, and begin to register their phone when logged into the web portal?</P> <P>Thanks<BR /> Aisling</P></DIV> Wed, 26 May 2021 14:54:23 GMT https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878068#M312 aisling.natola 2021-05-26T14:54:23Z https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878069#M313 <DIV class="duo-migrated-content"><P>Is this an ASA? Did you follow these directions: <A href="https://duo.com/docs/ciscoasa-ldap" class="inline-onebox">Cisco ASA SSL VPN for Browser and AnyConnect | Duo Security</A>?</P> <P>It sounds like there is a misconfiguration or other issue with the <A href="https://duo.com/docs/ciscoasa-ldap#modify-the-sign-in-page">customized Duo login page</A> , because when configured correctly the ASA browser SSL VPN login page does not show a text input field for the second password, but instead loads the interactive Duo 2FA prompt where a new user could complete inline self-enrollment.</P></DIV> Wed, 26 May 2021 21:30:52 GMT https://community.cisco.com/t5/managing-users/duo-cisco-anyconnect-secondary-password/m-p/4878069#M313 DuoKristina 2021-05-26T21:30:52Z