Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5013
Views
0
Helpful
5
Replies

AnyConnect authentication using logged on credentials

Mark Bowyer
Level 1
Level 1

‎03-16-2020 08:57 AM

Hi,

 

Is it possible to configure AnyConnect to auto authenticate using the logged on users credentials? so they don't have to enter their username/password at Windows login and then again to connect via AnyConnect?

 

Thanks,

Mark

 

 

Labels:
0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎03-16-2020 09:02 AM

Hi,
No you cannot transparently pass the username/password credentials from the logged on user. If you don't want the users to enter their credentials, you could use user certificates for authentication to the ASA.
You can distribute the user certificates via GPO from AD (assuming you have an AD infrastructure), the certificate would be tied to the users AD account.

HTH
0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni

‎03-16-2020 09:52 AM

Hi,

 

   This is not supported at this point, probably will never be, due to security concerns. You can ease the "pain" on the user's side and increase your overall security by using double authentication (fist one certificate based, the second one username/password based), and pre-fill the username from a filed of the certificate, so they only need to enter their password.

 

Regards,

Cristian Matei.

0 Helpful

Mark Bowyer
Level 1
Level 1
In response to Cristian Matei

‎03-17-2020 03:54 AM

Using certificates sounds like a good plan. Is there a decent guide somewhere that explains the best way to set this up?

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Mark Bowyer

‎03-17-2020 05:54 AM

Hi,

 

   In case you want to deploy double authentication, with certificates and username pre-fill, here's a guide to help you out:

 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html


Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents