cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1094
Views
0
Helpful
2
Replies
Highlighted
Contributor

Anyconnect SAML auth to Azure AD SSO - not doing SSO

Hi,

Has anyone used AnyConnect SAML auth (on ASA) using Azure AD SSO as the IdP?

I have it configured and can log in ok, but it's prompting me for my credentials where is should support Single Sign On since my PC is AAD joined...

Has anyone been able to make it work using SSO with either this or any other SAML IDP?

 

I'm using ASAv 9.9.2.32, and Anyconnect 4.6.02074, Windows 10.

 

I did wonder if its related to the new embedded browser (since IE can authenticate SSO without prompting for credentials to all other AAD integrated apps ok). I tried the "saml external-browser" command under the tunnel-group config to switch it back, but there was no noticeable difference, it still appeared to be using the embedded browser.

 

Thanks,
Peter

Everyone's tags (3)
2 REPLIES 2
Contributor

Re: Anyconnect SAML auth to Azure AD SSO - not doing SSO

Did this ever get resolved? Looking to setup something very similar to the environment you described.

Contributor

Re: Anyconnect SAML auth to Azure AD SSO - not doing SSO

Yes it’s working :)

it required this command to not prompt for auth and use Sso:

 

Saml idp <uri>

  No force re-authentication

 

The biggest frustration with this solution is there is apparently no way to have the ASA evaluate claims that are sent back and use them for Dynamic Access Policies. But if all users will get the same policy it seems to work great!