CA Certificates to AnyConnect Pinning

DanielHood95543
Level 1

I'm using AnyConnect. I want to use certificates to authenticate multiple different user types (with Active Directory). I want to import three or four CAs, i.e. OrganisationACA, OrganisationBCA, OrganisationCCA and OrganisationDCA, and then have the users authenticate against three or four Active Directories. What stops a user from OrganisationA, with a certificate signed by OrganisationA, from using it with a user from OrganisationB to authenticate to the OrganisationB profile?

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html

1 Reply

Not sure if I get the question, but if you want to limit users to their
organizations according to their certificates, you can use certificate
maps. This can map certs to group-policies so that users can't use them
with other organizations.

**** please remember to rate useful posts
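
As an added illustration of the certificate maps the reply mentions (not part of the thread and not Cisco's own configuration): on an ASA, a certificate map rule can match on the certificate issuer, and `certificate-group-map` ties that rule to a connection profile (tunnel-group), which carries the group-policy and the AAA server group. The map, profile, policy and server-group names are hypothetical; the CA names come from the question and are assumed to be the issuer CNs.

```text
! Added example. All names except the CA common names are hypothetical.
! Assumes the CA certificates are already imported as trustpoints and the
! LDAP server groups ORG-A-AD and ORG-B-AD are defined elsewhere.

! One rule per issuing CA: match on the issuer CN of the client certificate.
crypto ca certificate map ORG-A-MAP 10
 issuer-name attr cn eq OrganisationACA
crypto ca certificate map ORG-B-MAP 10
 issuer-name attr cn eq OrganisationBCA

! Each connection profile requires certificate AND AAA, and points only at
! its own organisation's directory and group-policy.
tunnel-group ORG-A-PROFILE type remote-access
tunnel-group ORG-A-PROFILE general-attributes
 authentication-server-group ORG-A-AD
 default-group-policy ORG-A-GP
tunnel-group ORG-A-PROFILE webvpn-attributes
 authentication aaa certificate

tunnel-group ORG-B-PROFILE type remote-access
tunnel-group ORG-B-PROFILE general-attributes
 authentication-server-group ORG-B-AD
 default-group-policy ORG-B-GP
tunnel-group ORG-B-PROFILE webvpn-attributes
 authentication aaa certificate

webvpn
 ! Do not offer a drop-down of connection profiles at login.
 no tunnel-group-list enable
 ! Bind each map rule (index 10) to its connection profile.
 certificate-group-map ORG-A-MAP 10 ORG-A-PROFILE
 certificate-group-map ORG-B-MAP 10 ORG-B-PROFILE
```

Assuming no group URL or alias lets the user pick a profile directly, a certificate issued by OrganisationACA matches only ORG-A-MAP, so the accompanying credentials are checked against ORG-A-AD. Repeat the pattern for OrganisationCCA and OrganisationDCA.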