
Cisco Secure Client and Entra ID - remember the username

Chess Norris
Level 4

Hello,

When using RA VPN with Entra ID SSO, is it possible to configure Entra ID to remember the username when the user re-connects?

Every time a user wants to connect, he is forced to enter his username/password and we want the username to be remembered like before when we were using Secure Client without Entra ID.

I read a similar thread with secure client and Meraki MX and in that case you needed to create a support ticket with Meraki support and have them disable force re-authentication in the back-end. 

How can we achieve the same result with FTD managed by FMC?

There is a setting in Entra ID called "Request IdP re-authentication on Logon". This is enabled by default. If I disable that, will it let us bypass authentication?

Thanks

/Chess

Accepted Solutions

Ben Weber
Level 1

Hey @Chess Norris 

You are correct - disabling 'Request IdP re-authentication on Logon' will allow the SSO session to persist in Secure Client, meaning that users won't have to log in if they have already authenticated to Entra.

The only caveat to that is users will still be forced to redo their AuthN when the SSO session expires, but at least users won't have to enter their credentials each time they want to connect to the VPN/ZTA.

Hope that helps.

- BW
Please rate posts if they have been helpful.

Thank you. That was what I was hoping for. 

/Chess

Are there security risks associated with remembering the username, or is it ok to remember the username as long as you are still using Entra SSO and MFA?

My users are complaining about having to re-enter their username each time they connect - such as connecting using WiFi in the office or plugged directly in to the LAN - then moving to a hotspot and connecting while in their vehicle - then returning to the office and having to reconnect again each time a new WiFi or hotspot changes throughout the day as they move around a lot.  They have to connect quickly to respond to a callout and having to re-type their login user name over and over causes loss of productivity and impacts to responsiveness.

I'm just worried if there are any security issues to consider (to allow user name to be remembered for the duration of their shift seems reasonable) - especially since they still have a 30 min inactivity lockout on their screen.