Solved: Re: Microsoft Azure MFA with Cisco ISE

md09 · ‎05-03-2019

Hi,

I currently use Anyconnect VPN to connect via our ASA's. Auth is via ISE to our on prem AD and a cloud based RSA provider for 2FA.

As the company is moving to Office 365 replacing the costly 2FA service with, the already paid for, Azure MFA is desirable.

I can only see references to this set-up where an on premise Microsoft MFA server is installed or a Microsoft NPS server is used.

I'd ideally like ISE to talk directly to Azure MFA (in the cloud). Is this possible?

Many thanks

Mark

hslai · ‎05-03-2019

The Azure AD in the cloud is not providing any regular means (e.g. RADIUS or LDAP) for ISE to integrate with, other than what you already outlined, and SAML. While SAML is not a possible means for ISE to authenticate RA-VPN sessions, we may integrate ASA with it to secure RA-VPN user sessions and then use ISE for authorization. See my response at Re: Clarification on SAML authenticatio... - Cisco Community

View solution in original post

hslai · ‎05-03-2019

The Azure AD in the cloud is not providing any regular means (e.g. RADIUS or LDAP) for ISE to integrate with, other than what you already outlined, and SAML. While SAML is not a possible means for ISE to authenticate RA-VPN sessions, we may integrate ASA with it to secure RA-VPN user sessions and then use ISE for authorization. See my response at Re: Clarification on SAML authenticatio... - Cisco Community

vsurresh · ‎04-21-2020

https://packetswitch.co.uk/cisco-anyconnect-with-azure-ad/