02-04-2011 04:43 PM - edited 02-21-2020 05:09 PM
I want to provide my users with a single-sign-on experience from Windows/AnyConnect so that Active Directory can process GPOs, logon scripts, password updates etc. But I cannot get SSO to work.
The only way I have been able to get this to work is if the user manually invokes the connection via the "Network Connect" icon on the sign-on screen first and then signs on to the computer. I was under the impression that with the PLAP we could simply log in and VPN would connect first and then process the login with Active Directory.
Is this correct? If so, what am I missing?
I have set up a Windows 7 client and ASA (8.4(1)) as per the instructions given in the client administration guide. I have tried using certificates and a simple AAA authentication method. I can get either method to work manually but not by simply clicking the username from the sign-on screen and logging in with their password. I do see the little AnyConnect icon next to each username on the sign-on screen.
Any help would be appreciated.
Troy
02-05-2011 06:13 AM
Hi Troy,
As far as SBL is concerned, in the case of Windows Vista and Win 7, it uses the PLAP feature. The following is a link for more information:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml
Please find the following link for SBL, in the case of Win 7, with screenshots:
So we need to click the network connect icon for SBL to work.
I hope it helps.
02-21-2011 07:56 PM
SSO to AD along with Start-Before-Login (PLAP) is not supported yet. An enhancement request has been filed for this.
08-26-2014 01:31 AM
Dear Divyanai,
Is there any update about this solution, or is it still on the roadmap?
Regards,
Miki