Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
1
Helpful
5
Replies

RAVPN FTD not redirecting to SAML

Go to solution
DannyDulin
Level 1
Level 1

‎03-25-2024 01:35 PM

Hello everyone.

I have configured my RAVPN connection profile to leverage SAML. I have configured it with the correct SSO object. I've verified the Azure AD Identifier, Azure Login and Logout URL's. 

When I connect to the VPN headend (FTD) with AnyConnect I get the typical small little authentication box but not the MS Azure login prompt.

Any help would be greatly appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎03-25-2024 05:23 PM

>> I get the typical small little authentication box but not the MS Azure login prompt.

If you are talking about the standard AnyConnect login window, my first guess would be that you hit the wrong connection profile.

View solution in original post

5 Replies 5

Go to solution
Marius Gunnerud
VIP
VIP

‎03-25-2024 02:39 PM

It would be good if you post the SAML configuration you have implemented and the configuration that calls it in the RAVPN configuration.

But, assuming your configuration on the FTD is correct the issue is most likely that the user you are testing with is not provisioned for MFA in MS Azure.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Pulkit Mittal
Spotlight
Spotlight

‎03-25-2024 04:57 PM

Make sure the user group is selected correctly in the enterprise app in Azure.

Tutorial: Microsoft Entra single sign-on (SSO) integration with Cisco AnyConnect - Microsoft Entra ID | Microsoft Learn

If you find this useful, please mark it helpful and accept the solution.

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎03-25-2024 05:23 PM

>> I get the typical small little authentication box but not the MS Azure login prompt.

If you are talking about the standard AnyConnect login window, my first guess would be that you hit the wrong connection profile.

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Karsten Iwen

‎03-26-2024 08:04 AM - edited ‎03-26-2024 08:04 AM

I agree with @Karsten Iwen  - you are probably hitting the default connection profile and not the one configured for SAML authentication. After logging in, you can confirm your profile via "show vpn-sessiondb detail anyconnect".

0 Helpful

Go to solution
DannyDulin
Level 1
Level 1
In response to Karsten Iwen

‎03-27-2024 06:42 AM

Although I figured this out before you commented, you are spot on Karsten. 

I had not added a URL or Alias to the connection profile so my login was hitting the default connection profile.

Thank you everyone for your input.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card