
Firepower VPN with MFA Can't create multiple profiles

0rsnaric
Level 1

We have a Cisco Firepower 4115 and currently have VPN configured with MFA. Our SSO provider is Azure.

I am trying to add a second profile that has a few differences from our main profile. It also needs to be MFA. But when I add an SSO provider and assign it to the profile, it will not allow me to push the configuration to the firewall. I get this error:

 

Policy Name: *****
Summary: Duplicate Identity Provider Entity ID.
Description: Selected Single Sign-on Server objects ( AzureSAMLSSO-VPN2,AzureSAMLSSO2-NOSPLIT ) are having duplicate Identity Provider Entity ID ( https://sts.windows.net/*************/ ). 
Cause: Duplicate Identity Provider Entity ID used in Single Sign-on Server objects.
Action: Please use different Single Sign-on Server objects or configure different Identity Provider Entity ID

 

How can I have two profiles sharing my SSO server? On the O365 side, they are two different applications, ProfileU and ProfileZ. If I just try to share ProfileU's SSO server with ProfileZ, it fails.

Any ideas?

 

 

1 Accepted Solution

Accepted Solutions

BlakeBratu
Cisco Employee