09-08-2021 06:52 AM
We used to have users in various groups set up for AnyConnect, and at that time we could control which systems and services remote users could access. Once we implemented SSO with MFA with our Azure AD, we lost this ability, but we're trying to figure out a way to get this back.
Is it possible to create a policy within Azure that says, if User belongs to Group A, assign user an IP in range 10.1.1.1-10.1.1.254, or if User belongs to Group B, assign user an IP in range 10.1.2.1-10.1.2.254? We could then filter traffic on the outside interface. Or is there another way to accomplish this? We do have Umbrella, so we're investigating features there, but maybe there is something in that offering?
Thanks
09-08-2021 10:38 AM
If you had ISE this would be a simple solution, but I am assuming you do not have ISE?
Are you using SAML for SSO? If so, you just need to define the authentication server under the tunnel-group. Then you can use SAML for SSO, and for a second authentication / authorization you would use the server defined under the tunnel-group.
09-08-2021 01:14 PM
I understand that the ISE solution would work out well. We do have ISE (older version), but we've been told we have to upgrade to implement a solution that will integrate with VPN. It's been approved to be purchased next year, but it'll be a completely new system stood up in parallel with the existing one.
We are using SAML for SSO. Ahh, I think this is making sense.
I just ran across this Microsoft article and compared what's in here to what you say. It may be fairly close. Thank you!