Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
0
Helpful
2
Replies

Using SSO / Cached Credentials with MFA

joemrris1
Level 1
Level 1

‎01-23-2024 01:47 AM

Hi, 

I have configured MFA authentication for the Cisco AnyConnect VPN, however it still requires the full email and password each time, prior to sending the MFA prompt.

Is there a way to configure AnyConnect to use the credentials on the machine so that the user is only required to authenticate using the MFA prompt, and not a full logon as well.

Thanks!

0 Helpful
2 Replies 2

Marius Gunnerud
VIP
VIP

‎01-25-2024 03:15 PM

As far as I know you cannot pass the machine credentials to AnyConnect on login.  An option could be to use certificate authentication with SAML.  Then you users would not need to enter username and password, but still be required to perform dual authentication.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

hash2k2
Level 1
Level 1

‎03-03-2024 10:57 PM

I just set up Cisco AnyConnect with Azure MFA and at our clients the cached/stored credentials for Teams or Outlook are getting passed to AnyConnect. So, you click "connect" and the connection is build up. If you use a notebook without any Teams or Outlook profile, you get asked for username/password and the MFA token. I am looking for how to get this removed.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card