Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2696
Views
0
Helpful
3
Replies

AnyConnect 3.0 Win7 SBL issue?

tpeckman
Level 1
Level 1

‎02-04-2011 04:43 PM - edited ‎02-21-2020 05:09 PM

I want to provide my users with a single-sign-on experience from Windows/AnyConnect so that Active Directory can process GPO's, logon scripts, password updates etc.  But I cannot get a SSO to work.

The only way I have been able to get this to work is if the user manually invokes the connection via the "Network Connect" icon on the signon screen first and then signs on to the computer.  I was under the impression that with the PLAP we could simply login and VPN would connect first and then process the login with Active Directory.

Is this correct?  If so, what am I missing?

I have setup a Windows 7 client and ASA (8.4(1)) as per the instructions given in the client administration guide.  I have tried using certificates and a simple AAA authentication method.  I can get either method to work manually but not by simply clicking the username from the sign on screen and logging in with their password.  I do see the little AnyConnect icon next to each username on the signon screen.

Any help would be appreciated.

Troy

Labels:
0 Helpful
3 Replies 3

Shilpa Gupta
Cisco Employee
Cisco Employee

‎02-05-2011 06:13 AM

Hi Troy,

As far as the SBl is concerned in case of windows vista and win 7, it uses PLAP feature. The following is link for more information:-

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml

Please find the following link for SBL , in case of win 7, with screen shots:-

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect22/administration/guide/22admin4.html#wp1006226

So we need to click the network connect icon for SBL to work.

I hope it helps.

0 Helpful

Divya Nair
Cisco Employee
Cisco Employee

‎02-21-2011 07:56 PM 

SSO to AD along with Start-Before-Login(PLAP)not supported yet. An enhancement reuest has been files for this.
0 Helpful

miklos.andrasi
Level 1
Level 1

‎08-26-2014 01:31 AM

Dear Divyanai,

Is there any update about this solution, or is it on roadmap still?

Regards,

Miki

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents