I have been trying to configure 2FA for the ASDM UI for our ASA 5512-X. There has been no success, and it seems that there is no software solution. Yes, there is 2FA for AnyConnect and for VPN, but not for an administrator using ASDM. This is something that is being pushed for security reasons, of course. Is there anyone who knows how to do it natively, or is there a 3rd-party software application that can do the job?
We use Azure MFA Server, and the configuration is nearly identical to creating a RADIUS configuration on NPS. For the ASA, define your RADIUS servers, which is our MFA server, i.e.:
aaa-server RADIUS (inside) host x.x.x.x
We increase the timeout value to cater for the user's input of their preferred MFA method (phone call, SMS, app).
Configure the AAA statements:
aaa authentication ssh console RADIUS LOCAL
aaa authentication enable console RADIUS LOCAL
aaa authentication http console RADIUS LOCAL
On the MFA server you need to define the client (the ASA) and which AD group, etc., an admin is a member of. You may wish to define other RADIUS attributes. That's about it. You can test via the CLI with the command below.
test aaa-server authentication RADIUS host x.x.x.x username xxxx password xxxxx
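As an added illustration (not part of the answer above), the same RADIUS setup pulled together as one ASA configuration fragment; the server group name RADIUS comes from the answer, while the host address, the shared secret and the 60-second timeout are placeholder or assumed values:

```cisco
! Define the RADIUS server group and point it at the MFA server (address is a placeholder)
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.0.2.10
 key <shared-secret-placeholder>
 ! Raised from the default so the user has time to answer the push, call or SMS prompt (60 s is an assumed value)
 timeout 60
!
! Administrative authentication via RADIUS; the LOCAL database is consulted only when no RADIUS server responds,
! not when RADIUS rejects the credentials, so a failed MFA prompt does not fall through to a local account
aaa authentication ssh console RADIUS LOCAL
aaa authentication enable console RADIUS LOCAL
aaa authentication http console RADIUS LOCAL
```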
Thanks for the reply. We don't use Azure here, as everything is on a classified system and the last thing the boss wants to do is to add another server. We currently use TACACS for logging into the firewall per security requirements; I am looking to use a token/CAC solution to meet newer security requirements. The best solution is to be able to reference the CAC/token for identity via a certificate and either verify against AD or the Cisco ISE server's internal identity store.
Again, thank you for your response.