AnyConnect authorization using Azure AD

I’m working on a test environment where we’re trying to move from on-prem AD to Azure AD. In this scenario I’m trying to replace AD with Azure AD for authentication and authorization of VPN clients. The trick here is that Identity management is cloud-based while VPN FW and servers are on-prem.

For on-prem AD, I can use LDAP to authenticate VPN clients as well as, via DAP, grant access to clients on a server-by-server basis using AD groups. This works well and moves some of the administration regarding server access to AD admins.

Doing the same (or close) using Azure AD seems more difficult. I solved authentication using SAML so we can log in, but there I’m stuck. Any suggestions on how to check user group membership, etc., are of interest.

We have, though not in this test environment, ADFS and ISE, so I can probably configure it if needed. There might be users that only exist in Azure AD and some of those might need VPN to access one or more servers. I think my question boils down to finding a functional replacement for LDAP.

In the test environment I’m using ASAv 9.12.(3)12 and AnyConnect 4.7.03052.
