I have a couple of ASAs I have inherited after the last guy left.
When connecting AnyConnect to one of them, the SAML authentication window opens in a dedicated window.
When connecting to the other, the SAML authentication opens in the OS default browser, usually minimised, and generally annoys my users.
I have hunted high and low but can't find the setting to change this anywhere. The client profiles are identical on each unit.
Can someone point me in the right direction please?
Do you run different versions of ASA and AnyConnect? The SAML behaviour, using the system-defined or embedded browser, is different based on the versions used.
SAML 2.0 with a native (external) browser is available in AnyConnect 4.4 and AnyConnect 4.5 and ASA release 9.7.x, 9.8.x, and 9.9.1. The new enhanced version with embedded browser requires you to upgrade to AnyConnect 4.6 and ASA 126.96.36.199 (or later), 188.8.131.52 (or later), or 184.108.40.206 (or later).
When upgrading or deploying the headend or client devices with the embedded browser SAML integration, take note of these scenarios:
If you deploy AnyConnect 4.6 first, both the native (external) browser and the embedded browser SAML integration function as expected without further action. AnyConnect 4.6 supports either an existing or updated ASA version, even when you deploy AnyConnect first.
If you deploy the updated ASA version (with the embedded browser SAML integration) first, you must in turn upgrade AnyConnect, because, by default, the updated ASA releases are not backward compatible with the native (external) browser SAML integration in releases prior to AnyConnect 4.6. The upgrade for any existing AnyConnect 4.4 or 4.5 clients occurs after authentication and requires you to enable the saml external-browser command in tunnel group configuration.
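One way to check whether two ASAs differ in this setting, as an added example that is not part of the thread: the script compares the SAML-related lines under each tunnel group's webvpn-attributes in two saved running-configs. The sample configs, the group name and the IdP URL are constructed placeholders.

```python
import re

# Constructed sample configs (not from the thread); group name and IdP URL are placeholders.
ASA_A = """\
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS webvpn-attributes
 authentication saml
 group-alias VPN-USERS enable
 saml identity-provider https://idp.example.com/metadata
"""
ASA_B = """\
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS webvpn-attributes
 authentication saml
 group-alias VPN-USERS enable
 saml identity-provider https://idp.example.com/metadata
 saml external-browser
"""

HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+webvpn-attributes\s*$")

def saml_settings(config):
    """Map each tunnel group to the SAML-related lines in its webvpn-attributes block."""
    groups, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = groups.setdefault(m.group(1), set())
        elif line.startswith(" ") and current is not None:
            stripped = line.strip()
            if stripped.startswith("saml ") or stripped == "authentication saml":
                current.add(stripped)
        else:
            current = None  # any other top-level line ends the sub-mode
    return groups

def diff_saml(cfg_a, cfg_b):
    """Return {group: (only_in_a, only_in_b)} for groups whose SAML lines differ."""
    a, b = saml_settings(cfg_a), saml_settings(cfg_b)
    out = {}
    for g in sorted(set(a) | set(b)):
        only_a = a.get(g, set()) - b.get(g, set())
        only_b = b.get(g, set()) - a.get(g, set())
        if only_a or only_b:
            out[g] = (sorted(only_a), sorted(only_b))
    return out

if __name__ == "__main__":
    for group, (only_a, only_b) in diff_saml(ASA_A, ASA_B).items():
        print(group, "| only on A:", only_a, "| only on B:", only_b)
```

Feed it the saved running-config text from each unit in place of the two constants; an empty result means the SAML lines match and the difference lies elsewhere, such as the software versions.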