How to Integrate Azure AD SSO with Cisco Anyconnect with NPS

I would like to ask the community for help, as I need to implement Azure AD SSO with Cisco Anyconnect.

Looking for some information I found that there is the possibility of using SAML. (Configure ASA AnyConnect VPN with Microsoft Azure MFA through SAML)
https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215935-configure-asa-anyconnect-vpn-with-micros.html

I would like to know if it is possible, instead of using SAML, to do it via RADIUS (NPS).

Could someone give me some guidance?

Accepted Solutions

Rodrigo Diaz
Cisco Employee

Hello @marcoscastilhosbr, it's possible to change the authentication method: instead of using SAML as in the guide that is described in the previous post, select AAA server group and then the NPS RADIUS. Please refer to the following documentation that might help you.

If you are using FTD, go through the process that is described over here to integrate with a RADIUS server (in this scenario you might have to follow just the corresponding part for the RADIUS auth part and omit the ISE that is being used as RADIUS server): https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215236-ise-posture-over-anyconnect-remote-acces.html

If you are using ASA: https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/asdm713/vpn/asdm-713-vpn-config/vpn-wizard.html

Once you have that authentication in place, you might have to review the Azure part and the NSF to work together to achieve the flow that you intend.

Let me know if that helped.

 
