Click Enterprise Applications -> New Application -> Non-Gallery Application.
Give it a name (I'll use AnyConnect-SAML) and click Add at the bottom.
Click the Single sign-on menu item.
Download the Certificate (Base64) from section 3 (we'll install this on the ASA later).
Make note of the following from section 4:
Azure AD Identifier - this will be the saml idp in our VPN configuration.
Login URL - this will be the url sign-in.
Logout URL - this will be the url sign-out.
At this point you have the data required to begin configuring the VPN appliance.
We will need to come back here after configuring the VPN tunnel group and grabbing the SP metadata.
VPN Configuration - CLI
Alright, we're going to do this on the CLI first; I might come back through and do an ASDM walk-through at another time.
Connect to your VPN appliance. We're going to be using an ASA running the 9.8 code train, and our VPN clients will be AnyConnect 4.6+.
Please note there are SAML 2.0 minimum requirements (I believe they are ASA 9.7+ and AnyConnect 4.5+; otherwise SAML 2.0 isn't supported or you need to use the external browser configuration, which is outside the scope of this walk-through).
First we'll create a Trustpoint and import our SAML cert.
crypto ca trustpoint AzureAD-AC-SAML
 revocation-check none
 no id-usage
 enrollment terminal
 no ca-check
crypto ca authenticate AzureAD-AC-SAML
-----BEGIN CERTIFICATE-----
… PEM Certificate Text from download goes here …
-----END CERTIFICATE-----
quit
The following commands will provision your SAML IdP.
*Note: there's a "feature" of the SAML IdP configuration: if you make changes to the IdP config, you need to remove the saml identity-provider line from your tunnel group and re-apply it for the changes to take effect.
Finishing up with the Azure AD App
We're now ready to grab the SP metadata for our tunnel group and finish the Azure application configuration.
You can use a URL similar to the one below to view the SP metadata.
my.asa.com = the address at which my ASA is reachable
AC-SAML = the tunnel group name configured for SAML auth
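The two hand-offs in this walk-through (copying the Azure AD Identifier, Login URL and Logout URL into the ASA's saml idp settings, and reading the ASA's SP metadata back into the Azure application) are both just SAML 2.0 metadata parsing. The script below is an added example, not code from the original post or from Cisco: it parses either an IdP or an SP metadata document, pulls out the entityID, endpoints and signing certificate, and renders the ASA saml idp block using the keyword mapping the post gives. The trustpoint name AzureAD-AC-SAML comes from the post's trustpoint section; the `trustpoint idp` keyword and the ASA-shaped SP URLs in the sample are assumptions, and both metadata documents are constructed samples with placeholder values, not real tenant data.

```python
"""Parse SAML 2.0 metadata (IdP or SP) and map it to the ASA settings named in the post.

Added example, not code from the original post.  The keyword mapping
(saml idp = Azure AD Identifier, url sign-in = Login URL, url sign-out = Logout URL)
is the one the post lists.  The trustpoint name AzureAD-AC-SAML is the post's;
the 'trustpoint idp' keyword is an assumption.  Both sample documents are constructed.
"""
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like Azure AD federation metadata (placeholder tenant and cert).
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          MIIC...PLACEHOLDER...AQAB
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample SP metadata for the ASA in the post (URL shape is an assumption).
SAMPLE_SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://my.asa.com/saml/sp/metadata/AC-SAML">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://my.asa.com/+CSCOE+/saml/sp/logout"/>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://my.asa.com/+CSCOE+/saml/sp/acs?tgname=AC-SAML" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def _location(role_el, tag, binding):
    """Location of the <tag> endpoint that uses <binding>, or None if there is none."""
    for svc in role_el.findall(f"md:{tag}", NS):
        if svc.get("Binding") == binding:
            return svc.get("Location")
    return None


def parse_saml_metadata(xml_text):
    """Return role (idp/sp), entityID and the endpoints needed for the ASA/Azure settings."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    info = {"entity_id": root.attrib["entityID"]}
    idp = root.find("md:IDPSSODescriptor", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    if idp is not None:
        info["role"] = "idp"
        info["sign_in"] = _location(idp, "SingleSignOnService", REDIRECT)   # -> url sign-in
        info["sign_out"] = _location(idp, "SingleLogoutService", REDIRECT)  # -> url sign-out
        cert = None
        for kd in idp.findall("md:KeyDescriptor", NS):  # no 'use' attribute means any use
            if kd.get("use") in (None, "signing"):
                cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
                if cert is not None and cert.text:
                    break
        if cert is None or not cert.text:
            raise ValueError("IdP metadata carries no signing certificate")
        info["signing_cert"] = "".join(cert.text.split())  # drop whitespace around base64
        if info["sign_in"] is None:
            raise ValueError("IdP metadata has no HTTP-Redirect SingleSignOnService")
    elif sp is not None:
        info["role"] = "sp"
        info["acs_url"] = _location(sp, "AssertionConsumerService", POST)  # Azure Reply URL
        info["sign_out"] = _location(sp, "SingleLogoutService", REDIRECT)
        if info["acs_url"] is None:
            raise ValueError("SP metadata has no HTTP-POST AssertionConsumerService")
    else:
        raise ValueError("neither IDPSSODescriptor nor SPSSODescriptor present")
    return info


def to_pem(b64_der):
    """Wrap metadata base64 into the PEM form pasted after 'crypto ca authenticate'."""
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(b64_der, 64)) \
        + "\n-----END CERTIFICATE-----"


def asa_saml_idp_config(idp, trustpoint="AzureAD-AC-SAML"):
    """Render the ASA saml idp block from parsed IdP metadata (mapping per the post)."""
    if idp["role"] != "idp":
        raise ValueError("need IdP metadata to build the saml idp block")
    lines = ["webvpn", f" saml idp {idp['entity_id']}", f"  url sign-in {idp['sign_in']}"]
    if idp["sign_out"]:
        lines.append(f"  url sign-out {idp['sign_out']}")
    lines.append(f"  trustpoint idp {trustpoint}")  # assumption: keyword not in the post
    return "\n".join(lines)


if __name__ == "__main__":
    idp = parse_saml_metadata(SAMPLE_IDP_METADATA)
    print(to_pem(idp["signing_cert"]))
    print(asa_saml_idp_config(idp))
    sp = parse_saml_metadata(SAMPLE_SP_METADATA)
    print("Azure Identifier (Entity ID):", sp["entity_id"])
    print("Azure Reply URL (ACS):", sp["acs_url"])
```

Run it against the real federation metadata XML downloaded from the Azure app's single sign-on page and it prints the PEM to paste into the trustpoint plus the saml idp block; run it against the ASA's SP metadata and it prints the Identifier and Reply URL to enter on the Azure side. Failing loudly when the signing certificate or the HTTP-Redirect sign-in endpoint is absent is deliberate: an ASA pointed at the wrong binding or certificate rejects every assertion, and that is much easier to diagnose before the config is applied than from the tunnel group's debug output.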