AnyConnect authentication using logged on credentials

Mark Bowyer · ‎03-16-2020

Hi,

Is it possible to configure AnyConnect to auto authenticate using the logged on users credentials? so they don't have to enter their username/password at Windows login and then again to connect via AnyConnect?

Thanks,

Mark

Rob Ingram · ‎03-16-2020

Hi,
No you cannot transparently pass the username/password credentials from the logged on user. If you don't want the users to enter their credentials, you could use user certificates for authentication to the ASA.
You can distribute the user certificates via GPO from AD (assuming you have an AD infrastructure), the certificate would be tied to the users AD account.

HTH

Cristian Matei · ‎03-16-2020

Hi,

This is not supported at this point, probably will never be, due to security concerns. You can ease the "pain" on the user's side and increase your overall security by using double authentication (fist one certificate based, the second one username/password based), and pre-fill the username from a filed of the certificate, so they only need to enter their password.

Regards,

Cristian Matei.