Create policy for the user that is using SSO authentication to VPN

Using Cisco Firepower 2130 Threat Defense v6.7.0 and FMC Virtual 7.0.

I'm using Azure SAML SSO for VPN-authenticated users. However, there is one problem: I cannot identify that user to create a policy. My idea is to create a policy based on the user after the VPN is successfully authenticated, instead of, as now, having to create a policy based on the IP address.

I don't know how to do that. Any ideas?

2 Replies

msaringer (Level 1)

Hi

I'm having the same issue: the traffic from a user signed into AnyConnect via SAML on the FTD device shows "Not Found" in the Connection Events.

I have a realm and an Identity Policy configured for the VPN subnet, and users who authenticate with RADIUS are logged correctly. Is this an undocumented limitation of using SAML authentication? I've added LDAP authorization as well, and users are matched correctly from the SAML username to their LDAP account, so the information is there; the FMC just doesn't seem to be associating it with the events.

This is on FMC and FTD version 7.0.1.