10-08-2019 07:41 AM - edited 02-21-2020 09:45 PM
Does Cisco ASA and Anyconnect support 2 factor authentication with text messaging? I saw documents about DUO but the customer is looking for text message option. 1st factor would be radius and 2nd factor a text message to pre-defined cell phone number.
10-08-2019 09:29 AM
You can do this if you use DUO with LDAPS and set is as the secondary authentication server on the ASA. You will get 1 username and 2 password fields. For the second one, type the word "sms". This will send you a batch of SMS passcodes that you can use with the same prompt the next time you connect. I think this process is a little convoluted. It looks they have removed this from most of their recent documentation.
10-08-2019 02:42 PM - edited 10-08-2019 02:43 PM
We use Azure MFA at one of our clients which synchronizes with AD and pulls mobile numbers from users objects in AD. The user logs in to AnyConnect with the AD user, ISE forwards the username password to Azure MFA which checks the login against AD, Azure MFA then sends an SMS with the OTP and the user types this in.
I am sure there are more providers out there that can do this also, you just need to pick the one that suits your environment and budget.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: