Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
0
Helpful
1
Replies

Enable Azure MFA with Certificate Check on Anyconnect

pagosojayson
Level 1
Level 1

‎07-21-2021 06:35 AM

Hi,

 

Our company is targetting to enable Azure MFA on AnyConnect VPN (we are using FTD).  But we also do not want to lose the ability of our VPN to check the certificates of the device logging into the VPN.  Is this possible to do?  I do not see any option on how I can do this on FTD. But it would be great if someone has done this before or can point me out to the proper resources on how we can achieve this?

 

This is how we currently authenticate our machines/users to the VPN

current.jpg

 

We want to enable SAML but it does not give us the option to check Client Certificates.

 

saml.jpg

 

Thank you in advance

 

 

Labels:
0 Helpful
1 Reply 1

Josue Brenes
Cisco Employee
Cisco Employee

‎07-23-2021 11:17 AM

You might want to take a look at the following link, it applies for ASA as well as for FTD:

https://community.cisco.com/t5/vpn/asa-anyconnect-vpn-with-saml-and-certificate-authentication/m-p/4061350#M271571

 

Rate if it helps.

 

Regards,

Josue Brenes

TAC - VPN Engineer.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents