01-18-2018 12:50 PM - edited 02-21-2020 07:10 AM
Hi,
Has anyone tried integrating Okta or any other two-factor authentication with captive portal on FTD? Couldn't find any configuration example on the same. Any help would be great.
Vaibhav
01-22-2018 08:27 AM
Hello Vaibhav-
This is currently not supported. I would suggest reaching out to your local Cisco team and asking them to create an enhancement request and provide you with the ID.
Sorry to bring the bad news :(
Thank you for rating helpful posts!
01-30-2019 01:22 AM - edited 01-30-2019 01:23 AM
Just for anyone else that ends up here and is using something other than OKTA. (RSA and Duo are supported as of 6.3)
RA VPN: Two-Factor Authentication
Firepower Threat Defense now supports two-factor authentication for RA VPN users using the Cisco AnyConnect Secure Mobility Client. For the two-factor authentication process, we support:
For more information on Duo multi-factor authentication (MFA) for FTD, see the Cisco Firepower Threat Defense (FTD) VPN with AnyConnect documentation on the Duo Security website.
Supported platforms: FTD
Documentation:
05-15-2020 12:32 AM
Hi all
Based on the fact that this solution here is already two years old, is there in the meantime a possibility that Firepower can do MFA to enhance security?
Thank you
Markus
05-15-2020 05:02 AM
Markus.albisser
MFA is supported as of code 6.3 (RSA & DUO). The link to the documentation is in the above post.
05-15-2020 07:53 AM
Hi mludwig89
Thanks for your feedback here. Do you also know if this is applicable to the Captive Portal part of FP? What we want to do is to authenticate users with the Captive Portal and then to use their IP address and AD group membership for FP rules, for example grant access to a certain server. And we are looking that the user has not only to put his username/password into the Captive Portal, best would be also to be prompted to get an MFA request (Azure here is preferred).
Thanks
Markus
12-01-2020 10:43 AM
Hi Markus,
Have you found a solution to this problem?
12-01-2020 08:51 PM
Hi Hrvoje
Unfortunately not, FP actually does not support MFA on their internal Captive Portal. For the moment we cannot go into this direction. It is open on our side in which direction we go, either if MFA is an absolute need we have to evaluate another solution of course outside Cisco (ISE-PIC does not scale for us as well and the ISE is too big for this function). As this topic is on hold for the moment we will start the evaluation process once it comes up again.
Thanks
Markus