Hi Guys,
I was able to set up MFA for AnyConnect using Microsoft Entra ID. However, I encountered an issue in a multi-tunnel environment.
Entra ID requires a unique application configuration for each tunnel. So, if you have multiple tunnels such as Split Tunnel, Full Tunnel, and Vendor Tunnel, separate Cisco AnyConnect Enterprise Applications need to be created in Entra for each one to enable MFA.
On the ASA side, this requires installing different certificates for each tunnel group. However, the login, logout, and SAML SSO URLs configured under WebVPN remain common. When configuring SAML for a second tunnel, the previous configuration gets replaced, causing MFA to stop working properly in a multi-tunnel setup.
Has anyone successfully configured MFA with Cisco AnyConnect 4.10.x clients in a profile-based multi-tunnel environment using Microsoft Entra ID? If so, could you please share how you handled the SAML/WebVPN configuration on the ASA side?
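For readers following along, the shape of the ASA-side SAML configuration the post refers to is sketched below. This is an added illustration, not configuration from the original poster or from Cisco or Microsoft documentation; the hostname vpn.example.com, the tunnel-group names SPLIT-TUNNEL and FULL-TUNNEL, the trustpoint names and the <tenant-id> placeholder are all assumed. The Entra-side Identifier and Reply URL values are written in the per-tunnel-group pattern ASA expects (SP metadata path and ACS URL with the tgname parameter).

```text
! Added illustration of ASA 9.x SAML structure; not the poster's config.
! Values set on each Entra ID (Azure AD) enterprise application:
!   Identifier (Entity ID): https://vpn.example.com/saml/sp/metadata/SPLIT-TUNNEL
!   Reply URL (ACS):        https://vpn.example.com/+CSCOE+/saml/sp/acs?tgname=SPLIT-TUNNEL
!   (same pattern with FULL-TUNNEL for the second application)
!
! Every enterprise application in one tenant uses the tenant-wide issuer
! https://sts.windows.net/<tenant-id>/ as its IdP entity ID. On the ASA a
! "saml idp" block is keyed by that entity ID, so entering the block a second
! time edits the existing entry instead of creating a new one.

webvpn
 enable outside
 saml idp https://sts.windows.net/<tenant-id>/
  url sign-in https://login.microsoftonline.com/<tenant-id>/saml2
  url sign-out https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
  base-url https://vpn.example.com
  ! trustpoint holding the IdP SAML signing certificate (one per saml idp block)
  trustpoint idp ENTRA-IDP-CERT
  ! ASA identity certificate used as the SAML SP certificate
  trustpoint sp ASA-SP-CERT
  no signature
  no force re-authentication

! Each tunnel group references the saml idp block by its entity ID.
tunnel-group SPLIT-TUNNEL type remote-access
tunnel-group SPLIT-TUNNEL webvpn-attributes
 authentication saml
 saml identity-provider https://sts.windows.net/<tenant-id>/
 group-alias Split enable

tunnel-group FULL-TUNNEL type remote-access
tunnel-group FULL-TUNNEL webvpn-attributes
 authentication saml
 saml identity-provider https://sts.windows.net/<tenant-id>/
 group-alias Full enable
```

Because a single saml idp block carries one trustpoint idp, the ASA validates assertions for that entity ID against one IdP signing certificate; that is the constraint the post runs into when each Entra application ships its own certificate. After adding a second tunnel group, `show running-config webvpn` shows whether the saml idp block was modified or a second block was created.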