https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435258#M393 <P class=""><SPAN>Hi,</SPAN></P><P class=""><SPAN>I would like to authenticate:</SPAN></P><UL><LI><P class=""><SPAN>external suppliers</SPAN></P></LI><LI><P class=""><SPAN>connecting via Cisco Secure Client (AnyConnect)</SPAN></P></LI><LI><P class=""><SPAN>authenticating against Entra ID</SPAN></P></LI><LI><P class=""><SPAN>using Access Manager as the NAC solution</SPAN></P></LI></UL><P class=""><SPAN>In short, the idea is the following:</SPAN><BR /><SPAN>using the existing AnyConnect client, users connect to the vMX, and through Access Manager policies, the authentication request is forwarded to Entra ID.</SPAN></P><P class=""><SPAN>Is this scenario supported and technically feasible?</SPAN></P><P>M.</P> Mon, 26 Jan 2026 15:42:47 GMT Aussietramp 2026-01-26T15:42:47Z https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435258#M393 <P class=""><SPAN>Hi,</SPAN></P><P class=""><SPAN>I would like to authenticate:</SPAN></P><UL><LI><P class=""><SPAN>external suppliers</SPAN></P></LI><LI><P class=""><SPAN>connecting via Cisco Secure Client (AnyConnect)</SPAN></P></LI><LI><P class=""><SPAN>authenticating against Entra ID</SPAN></P></LI><LI><P class=""><SPAN>using Access Manager as the NAC solution</SPAN></P></LI></UL><P class=""><SPAN>In short, the idea is the following:</SPAN><BR /><SPAN>using the existing AnyConnect client, users connect to the vMX, and through Access Manager policies, the authentication request is forwarded to Entra ID.</SPAN></P><P class=""><SPAN>Is this scenario supported and technically feasible?</SPAN></P><P>M.</P> Mon, 26 Jan 2026 15:42:47 GMT https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435258#M393 Aussietramp 2026-01-26T15:42:47Z https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435259#M394 <P>It cannot receive a SAML request from the MX and forward it to Entra ID. Access Manager is not designed to authenticate VPN connections Its purpose is enforcing identity-based rules for network edges (switch/AP), not VPN hubs.</P> Mon, 26 Jan 2026 16:25:40 GMT https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435259#M394 aleabrahao 2026-01-26T16:25:40Z https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435260#M395 <P>Also note that typically, you can only authenticate "member" users in your Entra ID.</P><P>You can authenticate Secure Client users directly against Entra ID (Access Manager is not required).</P><P><A href="https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SAML_Configuration" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SAML_Configuration</A></P> Mon, 26 Jan 2026 18:43:31 GMT https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435260#M395 Philip D'Ath 2026-01-26T18:43:31Z https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435261#M396 <P>Hi Philip,</P><P>since i have few type of suppliers, can i give different group-policies? and where can i configure the group policies? cause in the MX there is only one group-policy to configure under the client-VPN-anyconnect section.</P><P>Thanks in adavance to both of you.</P> Tue, 27 Jan 2026 08:04:30 GMT https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435261#M396 Aussietramp 2026-01-27T08:04:30Z https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435262#M397 <P>I don't know if it is documented anywhere, but I explain how to apply per group policies here.</P><P><A href="https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SAML-Group-Policy-assignment/m-p/245513/highlight/true#M54881" target="_blank">https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SAML-Group-Policy-assignment/m-p/245513/highlight/true#M54881</A></P> Tue, 27 Jan 2026 21:01:13 GMT https://community.cisco.com/t5/cisco-sase-with-meraki/authentication-flow-using-secure-client-entra-id-and-access/m-p/5435262#M397 Philip D'Ath 2026-01-27T21:01:13Z