Hello everybody,

I have a customer who wants to implement an anyconnect VPN with 2FA through OKTA.  He has an ASA, ISE and they want to include the okta server in this deployment, but I don't know exactly what are the requirements and what are the connections we have to do.  I was thinking about a connection between ASA - ISE - OKTA - AD, but I'm not pretty sure if this is correct.   I have read this document https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Remote_Device_Access.pdf  but it shows the connection with RSA and it not shows a completely configuration and deployment.  I've been searching on the web but only found ISE+OKTA for wireless authentication, or ASA - ISE -DUO - AD, but I think DUO uses a different way for connection and communication.  I was wondering if you guys can help me with information about this topic or if you know how to implement this.

Thank you so much in advance.