
RAVPN FTD not redirecting to SAML

DannyDulin
Level 1

Hello everyone.

I have configured my RAVPN connection profile to leverage SAML. I have configured it with the correct SSO object. I've verified the Azure AD Identifier and the Azure Login and Logout URLs.

When I connect to the VPN headend (FTD) with AnyConnect I get the typical small little authentication box but not the MS Azure login prompt.

Any help would be greatly appreciated.

1 Accepted Solution

>> I get the typical small little authentication box but not the MS Azure login prompt.

If you are talking about the standard AnyConnect login window, my first guess would be that you hit the wrong connection profile.


It would be good if you post the SAML configuration you have implemented and the configuration that calls it in the RAVPN configuration.

But, assuming your configuration on the FTD is correct the issue is most likely that the user you are testing with is not provisioned for MFA in MS Azure.

--
Please remember to select a correct answer and rate helpful posts

Pulkit Mittal
Spotlight

Make sure the user group is selected correctly in the enterprise app in Azure.

Tutorial: Microsoft Entra single sign-on (SSO) integration with Cisco AnyConnect - Microsoft Entra ID | Microsoft Learn

If you find this useful, please mark it helpful and accept the solution.

I agree with @Karsten Iwen - you are probably hitting the default connection profile and not the one configured for SAML authentication. After logging in, you can confirm your profile via "show vpn-sessiondb detail anyconnect".

Although I figured this out before you commented, you are spot on Karsten. 

I had not added a URL or Alias to the connection profile so my login was hitting the default connection profile.

Thank you everyone for your input.
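
The cause found in this thread (a SAML connection profile with no URL or alias, so logins land on the default connection profile) can be checked for offline. The Python sketch below is an added example, not part of the original thread and not Cisco tooling. It assumes the configuration is available as ASA-style "show running-config tunnel-group" text; the profile names, URLs and function names are constructed for illustration.

```python
import re

# Constructed sample in the ASA-style format printed by
# "show running-config tunnel-group" (names and URLs are made up).
SAMPLE_CONFIG = """\
tunnel-group SAML-NO-SELECTOR type remote-access
tunnel-group SAML-NO-SELECTOR webvpn-attributes
 authentication saml
 saml identity-provider https://sts.windows.net/00000000-0000-0000-0000-000000000000/
tunnel-group SAML-OK type remote-access
tunnel-group SAML-OK webvpn-attributes
 authentication saml
 group-alias SAML-OK enable
 group-url https://vpn.example.com/saml enable
tunnel-group LEGACY-AAA type remote-access
tunnel-group LEGACY-AAA webvpn-attributes
 authentication aaa
"""

# Top-level lines that open or continue a connection profile (tunnel-group).
HEADER = re.compile(r"^tunnel-group (\S+) (?:type \S+|\S+-attributes)\s*$")

def parse_tunnel_groups(config):
    """Map each connection profile name to the indented lines under it."""
    groups, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None and line.strip():
            current.append(line.strip())
        else:
            current = None  # blank or unrelated top-level line ends the block
    return groups

def saml_profiles_without_selector(config):
    """Return SAML profiles that have no enabled group-alias or group-url."""
    flagged = []
    for name, lines in parse_tunnel_groups(config).items():
        uses_saml = any(
            l.startswith("authentication") and "saml" in l.split() for l in lines
        )
        selectable = any(
            l.split()[0] in ("group-alias", "group-url") and l.split()[-1] == "enable"
            for l in lines
        )
        if uses_saml and not selectable:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in saml_profiles_without_selector(SAMPLE_CONFIG):
        print(f"{name}: SAML configured but no enabled group-alias/group-url")
```

A profile flagged here is one that AnyConnect users cannot select by URL or alias, which matches the symptom described in the first post.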
