Showing results for 
Search instead for 
Did you mean: 

Anyconnect SAML Browser Minimised, how to configure the built in browser?

James Vale

Hi guys.

I have a couple of ASAs I have inherited after the last guy left.

When connecting Anyconnect to one of them the SAML authetication window opens in a dedicated window

When connecting to the other the SAML authentication opens in the OS Default browser, usually minimised and generally anoys my users.


I have hunted high and low but cant find the setting to change this anywhere.   The client profiles are identical on each unit.


Can someone point me in the right direction please?




4 Replies 4

Tarik Admani

Hi - did you resolve your issue, running into the same issue here as well.



   Do you run different version of ASA and Anyconnect? The SAML behaviour, using system defined or embedded browser is different based on the versions used.



Cristian Matei.

Same version of anyconnect - different versions of ASA, was wondering if we can set the external browser versus the thin browser.



SAML 2.0 with a native (external) browser is available in AnyConnect 4.4 and AnyConnect 4.5 and ASA release 9.7.x, 9.8.x, and 9.9.1. The new enhanced version with embedded browser requires you to upgrade to AnyConnect 4.6 and ASA (or later), (or later), or (or later).

When upgrading or deploying the headend or client devices with the embedded browser SAML integration, take note of these scenarios:

  • If you deploy AnyConnect 4.6 first, both the native (external) browser and the embedded browser SAML integration function as expected without further action. AnyConnect 4.6 supports either an existing or updated ASA version, even when you deploy AnyConnect first.

  • If you deploy the updated ASA version (with the embedded browser SAML integration) first, you must in turn upgrade AnyConnect, because, by default, the updated ASA releases are not backward compatible with the native (external) browser SAML integration in releases prior to AnyConnect 4.6. The upgrade for any existing AnyConnect 4.4 or 4.5 clients occurs after authentication and requires you to enable the saml external-browser command in tunnel group configuration.




Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers