Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
762
Views
1
Helpful
2
Replies

FMC Admin login with MFA

Danny Dulin
Level 1
Level 1

‎07-25-2024 01:36 PM

We have successfully tested SSO with MFA logon to the FMC. However, when we attempt to logout, we receive the following message 

You are logged in using SSO provided by Azure. To protect your Firewall Management Center account from unauthorized access, you must separately end your Azure IdP session.

There is a button labeled "Redirect to Azure for Log Out."

Clicking that button redirects me to my MS 365 home page.

Subsequent logon attempts to the FMC allows me right into the console without 1st or 2nd factor authentication. 

I know that this is the basic premise for SSO...but I wanted to know if there was a way to terminate a session so that I am not allowed directly back into the console without being challenged.

0 Helpful
2 Replies 2

ccieexpert
VIP
VIP

‎07-25-2024 02:13 PM

since you are using the browser you are bound by the M365 login already there... but there are some workarounds you can implement:

https://www.reddit.com/r/AZURE/comments/xrupux/conditional_access_require_mfa_every_single_time/

https://learn.microsoft.com/en-us/answers/questions/1107473/how-to-make-an-azure-enterprise-application-always

 

0 Helpful

Danny Dulin
Level 1
Level 1
In response to ccieexpert

‎08-29-2024 01:15 PM

Here is one workaround. where would I do this in FMC?

I modified the machine sending the SAML request to use the ForceAuthn=true option which forced all users accessing an authentication portal to authenticate every time without making changes to the conditional access policy.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top