Solved: Configuring Firepower SAML: Default OS Browser on FTD using FMC.

maghi · ‎05-12-2023

Hello

I have a VPN setup on a FTDv running software version 7.0.5, that is managed using FMCv running software version 7.0.5 and a VPN connection using Cisco Secure Client running version 5.0.01242.
The VPN connection is configured to use SAML with Microsoft Authenticatior running in Azure.

We would like to change the SAML login browser to stop using the VPN client embedded browser for logins and use the default OS browser instead.

Going to through this blog post:
https://networkwizkid.com/cisco-secure-firewall-threat-defence-remote-access-vpn-with-duo-passwordless-authentication/

I can see the option in the connection profile called: "SAML Login Experience" that can be set as "Default OS Browser". But that blog post is using (FTDv) (7.3) and (FMCv) (7.3) with Cisco AnyConnect (4.10).

Is this option a part of software update between 7.0.5 - 7.3, and then which software version is it?
I have been trying to find this on the internet without any luck, all help is greatly appreciated.

Pavan Gundu · ‎07-02-2023

Hey Maghi,

You would need to upgrade your software versions to 7.1 or above to use the feature you are looking for.

Search for "AnyConnect" in https://www.cisco.com/c/en/us/td/docs/security/firepower/710/relnotes/firepower-release-notes-710/features.html

Check the SAML section in https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/vpn-remote-access.html#task_ngy_zcd_5gb

View solution in original post

Marvin Rhoads · ‎07-03-2023

As @Pavan Gundu noted, the feature is new as of 7.1. The current suggested release is 7.2.4 and I would recommend that (a long term release with many, many bug fixes incorporated) over 7.1 (a short term release which was primarily pushed out to provide initial hardware support for 3100 series).