Solved: Cache user login credentials when using Azure MFA with AnyConnect

Hullabaloo · ‎07-24-2023

Is there a way to cache user login credentials when using Azure MFA with AnyConnect?

We are just starting our journey with AnyConnect and have it working fine with Azure MFA. However each time the user connects to VPN, they have to re-enter their credentials. We'd prefer these be cached so the user just received the MFA prompt in their authenticator app.

marce1000 · ‎07-25-2023

- Check if this can work for you :
Enable the "Keep me signed in" option in the AnyConnect VPN client. This option will allow the client to store the user's credentials in a local cache, so they do not have to re-enter them each time they connect to the VPN.

To enable the "Keep me signed in" option, follow these steps:

Open the AnyConnect VPN client.
Click on the Options button.
Click on the Advanced tab.
Check the box next to Keep me signed in.
Click on the OK button.

Once you have enabled the "Keep me signed in" option, the user's credentials will be cached in the AnyConnect VPN client. The next time the user connects to the VPN, they will be prompted to enter their MFA code, but they will not need to re-enter their username and password.

Here are some additional things to keep in mind:

The "Keep me signed in" option is only available for users who are authenticated with Azure MFA.
The cached credentials will expire after a certain period of time, which is determined by the AnyConnect policy.
If the user's password changes, the cached credentials will be invalidated.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎07-25-2023

- Check if this can work for you :
Enable the "Keep me signed in" option in the AnyConnect VPN client. This option will allow the client to store the user's credentials in a local cache, so they do not have to re-enter them each time they connect to the VPN.

To enable the "Keep me signed in" option, follow these steps:

Open the AnyConnect VPN client.
Click on the Options button.
Click on the Advanced tab.
Check the box next to Keep me signed in.
Click on the OK button.

Once you have enabled the "Keep me signed in" option, the user's credentials will be cached in the AnyConnect VPN client. The next time the user connects to the VPN, they will be prompted to enter their MFA code, but they will not need to re-enter their username and password.

Here are some additional things to keep in mind:

The "Keep me signed in" option is only available for users who are authenticated with Azure MFA.
The cached credentials will expire after a certain period of time, which is determined by the AnyConnect policy.
If the user's password changes, the cached credentials will be invalidated.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

qrahaon · ‎11-23-2023

Hi marce1000,

Your answer regarding credentials is exactly what we are looking for.

However, I can't find the settings you're referring to. Do you know if the option still exists in AnyConnect or has it been removed?

Hullabaloo · ‎07-25-2023

Thank you so much !

Really appreciate your detailed response.

Leon1 · ‎03-12-2024

Such an option does not exist. Not in AnyConnect and not in Cisco Secure Client.