11-22-2018 10:47 AM - edited 02-21-2020 09:31 PM
Hi,
Has anyone used AnyConnect SAML auth (on ASA) using Azure AD SSO as the IdP?
I have it configured and can log in ok, but it's prompting me for my credentials where it should support Single Sign On since my PC is AAD joined...
Has anyone been able to make it work using SSO with either this or any other SAML IDP?
I'm using ASAv 9.9.2.32, and Anyconnect 4.6.02074, Windows 10.
I did wonder if it's related to the new embedded browser (since IE can authenticate SSO without prompting for credentials to all other AAD integrated apps ok). I tried the "saml external-browser" command under the tunnel-group config to switch it back, but there was no noticeable difference, it still appeared to be using the embedded browser.
Thanks,
Peter
01-14-2019 02:31 PM
Did this ever get resolved? Looking to setup something very similar to the environment you described.
01-15-2019 12:04 AM
Yes it’s working :)
It required this command to not prompt for auth and use SSO:
saml idp <uri>
 no force re-authentication
The biggest frustration with this solution is there is apparently no way to have the ASA evaluate claims that are sent back and use them for Dynamic Access Policies. But if all users will get the same policy it seems to work great!
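For context on where that command sits, here is an added example of a complete ASA SAML IdP and tunnel-group configuration (not the poster's own config, and not taken from Cisco's documentation for this thread). The tenant ID, hostnames and trustpoint names are placeholders I have assumed; substitute the values from your own Azure AD enterprise application and ASA certificates.

```text
! --- Assumed placeholders: <tenant-id>, vpn.example.com, AzureAD-IdP-Cert, ASA-SP-Cert ---
webvpn
 ! The IdP entity ID must match the Identifier (Entity ID) configured in Azure AD
 saml idp https://sts.windows.net/<tenant-id>/
  url sign-in https://login.microsoftonline.com/<tenant-id>/saml2
  url sign-out https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
  ! IdP signing certificate downloaded from the Azure AD application (Base64)
  trustpoint idp AzureAD-IdP-Cert
  ! ASA's own identity certificate used as the SAML SP
  trustpoint sp ASA-SP-Cert
  ! Let the IdP reuse an existing browser/AAD session instead of forcing a fresh login
  no force re-authentication
  no signature
  base-url https://vpn.example.com
!
tunnel-group AzureAD-SAML type remote-access
tunnel-group AzureAD-SAML webvpn-attributes
 authentication saml
 saml identity-provider https://sts.windows.net/<tenant-id>/
 group-alias AzureAD-SAML enable
```

Two things to check when validating this: the `saml identity-provider` value under the tunnel-group must be character-for-character identical to the `saml idp` entity ID, and the ASA clock must be in sync (NTP) or assertion timestamps will fail validation. `no force re-authentication` only removes the ASA's ForceAuthn request; whether the IdP then silently signs in still depends on the device being AAD joined and the browser being able to present that session, which is why the embedded browser behaviour mattered in the original question.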