05-03-2019 07:15 AM
Hi,
I currently use AnyConnect VPN to connect via our ASAs. Auth is via ISE to our on-prem AD and a cloud-based RSA provider for 2FA.
As the company is moving to Office 365, replacing the costly 2FA service with the already paid-for Azure MFA is desirable.
I can only see references to this set-up where an on premise Microsoft MFA server is installed or a Microsoft NPS server is used.
I'd ideally like ISE to talk directly to Azure MFA (in the cloud). Is this possible?
Many thanks
Mark
05-03-2019 08:40 AM
The Azure AD in the cloud is not providing any regular means (e.g. RADIUS or LDAP) for ISE to integrate with, other than what you already outlined, and SAML. While SAML is not a possible means for ISE to authenticate RA-VPN sessions, we may integrate ASA with it to secure RA-VPN user sessions and then use ISE for authorization. See my response at Re: Clarification on SAML authenticatio... - Cisco Community
04-21-2020 09:03 AM