Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
0
Helpful
1
Replies

Authentication with AD username/password + RSA 2FA in a single session

stevenbahnsen1
Level 1
Level 1

‎10-25-2019 02:15 AM - edited ‎02-21-2020 09:47 PM

hi there,

 

From what I've gathered online, it's not possible to perform authentication solely with ISE using a validation of username/password credentials against AD, along with a RSA token pin in a single authentication session.

 

Is this true? 

 

My use case is authenticating users via anyconnect SSL VPN where a user will need to enter their AD credentials along with an RSA 2fa code from a software or hardware token in order to successfully authenticate and establish a vpn session.

 

I understand this is possible via other methods, e.g. using double authentication with ASA, but my client wanted only to use ISE and it seems weird that it couldn't do something such as this.

 

any insight is much appreciated

 

cheers!

1 person had this problem
Labels:
0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎11-08-2019 08:58 AM

The solution at Re: Anyconnect VPN with 2 Factor Authentication on ISE  should still apply.

I moved your post to VPN and AnyConnect, which is a better forum to address your question on auth options with AnyConnect VPN.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents