Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
1
Replies

Azure MFA + Cisco ISE integration

danielesquaranti
Level 1
Level 1

‎10-10-2021 06:21 AM

Hi,

I want to harden anyconnect vpn connection authentication.
At the moment I have configured the asa so that authentication works via certificate and login with active directory.
I was looking for the best way to integrate MFA.
I saw that it is also possible to do this with Azure MFA, only I wanted to understand if it is also possible to check the client's certificate, perhaps using the cisco ise.
Anyone have any suggestions?

 

Thanks in advance

Labels:
0 Helpful
1 Reply 1

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎10-11-2021 03:31 AM

Hi @danielesquaranti,

Currently, it is not supported to use SAML and certificate at the same time. Client certificate is requested by ASA, not ISE, in the authentication process on VPN.

You could enforce additional conditions in the Conditional Access Policy on Azure side, and to ask for 'Managed Device' condition to be satisfied too. This is also checking of certificate on your machine, just different one (they will be Azure issued certificates, issued upon Azure enroll process).

BR,

Milos

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents