find a MFA solution for Any Connect and SBL with AD

riderfaiz · ‎02-06-2023

HI everyone,

Hope you are all doing well! I would like to get your opinion and see if this is feasible.

We are deploying laptops for mobile users. The laptops will be joined the domain and Cisco AnyConnect will be used to connect to the corp network. I would like to ask if there are any MFA product(s) that can support both AnyConnect and Windows AD logon ( SBL - startup before logon)? Besides, I am not sure if there is one single product offered to do both at once?

I am looking into Duo and MiniOrange. Does anyone have any experience in using them?

Thank you for your help!

Takami Chiro

DannyDulin · ‎02-08-2023

riderfaiz,

We use Duo for our MFA. Although we do not yet use it for Windows AD logon, we will in the future. I have tested successfully using Duo with the intial offnetwork logon of the day. I've tested it successfully for subsequent Windows logon and I've tested it successfully with RDP logons as well.

We have been using Duo for SSO MFA for the past 12 months for our AnyConnect VPN connectivity and are very happy with this solution.

One thing to note, Cisco is in the process of rolling out an all encompassing mobile security client that combines Duo into their AnyConnect client. I believe they're changing the name to Cisco Secure Access. I believe that's the name. My point is if you haven't implemented and MFA yet, look into the new Cisco secure mobility solution.

troyb · ‎10-16-2024

Was there ever a solution to this? I know that Duo SAML and SBL don't work because it pops up a browser for login and there is no browser until after you are logged into the OS.