03-24-2021 05:47 PM
Hi,
We are looking to integrate our Cisco AnyConnect with Microsoft MFA for secondary authentication, with primary authentication being on-premises AD. We have as of now integrated it with DUO MFA for secondary authentication and want to migrate that to Microsoft MFA; however, we cannot see the document for the same anywhere. Can we configure this without the NPS extension, just using on-premises AD?
03-26-2021 07:11 AM
AnyConnect, acting as the VPN client to a headend ASA or FTD device, cannot currently authenticate directly with Microsoft MFA, either as primary or secondary authentication. It can authenticate via SAML to Azure AD and then Azure can be set to use Microsoft MFA. Similarly it can use the NPS extension as you alluded to.
04-15-2025 11:44 AM
@Marvin Rhoads I would greatly appreciate your insight. I am responding to someone's previous post (dganta) and you provided an answer. I would like to know if the same situation exists now in 2025. The same is true for my environment: we are looking to integrate our Cisco AnyConnect with Microsoft MFA for secondary authentication, with the primary authentication being on-premises AD. We too have it integrated with DUO MFA for secondary authentication and want to migrate to Microsoft MFA. Is this possible with on-premises AD, or would we need to be on Microsoft Entra ID (formerly Azure AD)? Thank you in advance.
03-26-2021 07:43 AM
Thank you Marvin for the reply.
10-12-2023 07:41 PM