
Single Sign On (SSO) Internet Access via ASA

mikedaman34
Level 1

Good Afternoon,

I'm looking for a way for users to authenticate through the ASA to determine whether or not they are granted access to the Internet. I would like to provide two separate Active Directory groups, for example, GRP-NO-INTERNET and GRP-INTERNET. When a user accesses the Internet, I would like the firewall to obtain an SSO credential and query AD to see if they have access or not and respond accordingly.

I'm currently working with TAC to investigate the possibility of using DAP but was curious if others have successfully tested this or what other options may be available. The end result would be to eliminate the credentials prompt by the firewall and have the authentication done in the background (somehow) without user interaction.

Thanks in advance for anyone's suggestions.

-Mike

1 Reply

Eduardo Aliaga
Level 4

Actually, it should be possible starting with ASA 8.4.2. You will have to configure an AD Agent on Windows. Please see the following link:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html

Please rate if it helps. Kind regards
