Long time ago we had pre-login policies as part of Cisco Secure Desktop (CSD) where we could check for a machine certificate pre-authentication and then authenticate with a user certificate but CSD was deprecated due to security concerns including ca...
The Maximum Connect Time was explained on my previous reply, this is not usually deployed by CU's as the only timeout on a daily basis because end users complain that they could be in the middle of something when the the timeout triggers disrupting t...
"Normally we I use to implement AnyConnect with DUO or other MFA solutions, but user transparency is really important in this case."One of Duo's main goals is user experience @Chess Norris. Since you are designing a new solution you should consider p...