
Can two AnyConnect connection profiles use the same SAML IdP?

lina.cao
Level 1

I would like to have my two connection profiles "DefaultWEBVPNGroup" and "Azure_MFA" use SAML authentication. And I have already configured both certificates in the ASA. But I just realized that in the SAML IdP, I can only configure one "trustpoint idp" to a unique tunnel group profile...

My question is how to make both AnyConnect profiles use SAML authentication at the same time? Thanks!

webvpn
 saml idp https://sts.windows.net/******/
  url sign-in https://login.microsoftonline.com/****/
  url sign-out https://login.microsoftonline.com/***/
  trustpoint idp <tunnel-group name>
  trustpoint sp ASDM_TrustPoint1
  no force re-authenticate
  no signature
  base-url https://.....

15 Replies

Salman Mahajan
Cisco Employee

Yes, you can use an identical IdP on FTD; however, it is not possible to configure multiple tunnel groups with the same instance of the Cisco AnyConnect application on Azure. As per Microsoft, if you would like to onboard multiple TGs of the server, then you need to add multiple instances of the Cisco AnyConnect application. Please refer to the link below.

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-anyconnect