Aloha,
I'm assisting a client in troubleshooting the setup of AnyConnect VPN into two MX endpoints.
WHAT WORKS: They have implemented Duo and Entra ID, which work correctly for logging into their HQ location.
WHAT'S BROKEN: They employ a backup site with another MX unit for failover purposes. We've been unable to enable SAML with Duo and Entra ID at the second site, while the Meraki Cloud Auth works fine.
The client opened tickets with Cisco, Duo, and Azure - none of which have been able to get this sorted out.
Azure tech stated, "We can't create a second application with the same entity ID from Duo, and we can't add a second AnyConnect VPN to the current Azure application for the 2nd AnyConnect VPN."
Duo support stated, "They advised they only support 1 SAML identity provider at this time, but there is a current feature request that I can add to this ticket to get it seen by more eyes and develop it."
Are there any guides or tips to get us on the right track?
Cheers, -Ian