Currently running AnyConnect 4.5x and ASA 9.6.x.
I have Azure MFA working for authentication/2-factor. The user gets prompted for username and password, and a RADIUS request goes to Azure MFA. It does username/password auth and 2-factor, and then sends a response to the ASA.
Is there a way to use the Azure MFA as secondary auth without requiring the user to type in the password twice? I have a need to do primary auth against LDAP direct (so we can choose what AD groups get which Group-policy).
So for example, this works:
    tunnel-group EXAMPLE-TG general-attributes
     authentication-server-group LDAP
     secondary-authentication-server-group AZURE_MFA_RADIUS use-primary-username
With this setup, it looks like this:
- Username
- Password
- Secondary Password
So the user would have to enter the password twice. Is it possible to only have 1 password box and have the secondary-authentication use the same password?