3430 Views, 0 Helpful, 2 Replies

AnyConnect MFA - user prompts with 3rd party RADIUS

tickermcse76
Level 1

For AnyConnect VPN, I'm in the process of switching from an MFA provider who is partnered with Cisco, to an SSO provider who is not.  With the current provider, when a user attempts to authenticate with the VPN, they are prompted with a username, password, and token field; all in one pop-up window. 

In testing with a new provider who is not Cisco partnered and using RADIUS, I am able to configure and log in with MFA successfully. But when authenticating, the user is prompted with 2 separate pop-up windows. The first window has the username and password fields (also the VPN profile drop-down). If those credentials are successfully validated, a second pop-up window appears with an "answer" field at the top, and a message box titled "Authentication Message", with the text "This is a challenge" (image attached).

  • Is it possible to customize such that the user is prompted with a single pop-up window with username, password, and answer/token field?

  • If it is not possible to consolidate the pop-up windows, how can I customize the text of the second pop-up window to make it more user friendly?  I have tried to create a custom GUI Text and Messages profile, but have not been able to get it to change the context of the prompts.

2 Replies

Did you manage to get any further with this question? I have exactly the same issue at the moment on a project I am working on. Our users have fed back that the message "this is a challenge" is far from useful, so I'm hoping to understand how I can customise this, and ideally also the credential input page, to make the user experience better.

Thanks

The single pop-up window (including username, password, and second factor) apparently is only available when packaged through a Cisco partner (such as Duo Security).

For any other MFA solution, you can customize the "this is a challenge" text.  See this link for more information:  

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/customize-localize-anyconnect.html#ID-1408-000002ab

Note that this change is applied to the client install binaries hosted on the ASA. It's not a "live" change that users see immediately when they attempt to log in. Works great in situations where the client is not deployed, or if you enforce a client update. But if the client is already installed, it would need to be reinstalled for the new text to show up.