Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
288
Views
1
Helpful
2
Replies

FMC Admin login with MFA

Danny Dulin
Level 1
Level 1

ā€Ž07-25-2024 01:36 PM

We have successfully tested SSO with MFA logon to the FMC. However, when we attempt to logout, we receive the following message 

You are logged in using SSO provided by Azure. To protect your Firewall Management Center account from unauthorized access, you must separately end your Azure IdP session.

There is a button labeled "Redirect to Azure for Log Out."

Clicking that button redirects me to my MS 365 home page.

Subsequent logon attempts to the FMC allows me right into the console without 1st or 2nd factor authentication. 

I know that this is the basic premise for SSO...but I wanted to know if there was a way to terminate a session so that I am not allowed directly back into the console without being challenged.

0 Helpful
2 Replies 2

ccieexpert
Spotlight
Spotlight

ā€Ž07-25-2024 02:13 PM

since you are using the browser you are bound by the M365 login already there... but there are some workarounds you can implement:

https://www.reddit.com/r/AZURE/comments/xrupux/conditional_access_require_mfa_every_single_time/

https://learn.microsoft.com/en-us/answers/questions/1107473/how-to-make-an-azure-enterprise-application-always

 

0 Helpful

Danny Dulin
Level 1
Level 1
In response to ccieexpert

ā€Ž08-29-2024 01:15 PM

Here is one workaround. where would I do this in FMC?

I modified the machine sending the SAML request to use the ForceAuthn=true option which forced all users accessing an authentication portal to authenticate every time without making changes to the conditional access policy.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card