cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
40104
Views
25
Helpful
36
Replies
Highlighted
Beginner

How to use cloud Azure MFA with ASA Vpn and Cisco AnyConnect?

I can find a bunch of documentation on how to install an on premise Azure MFA server however we are already setup for the cloud version of MFA and don't want to migrate on premise with that.  I would like to integrate our Cisco ASA VPNs using Cisco AnyConnect Secure Mobility client to use the cloud based Azure MFA and Microsoft Authenticator.  Is this possible?  Anyone tried this or point me in the right direction on the minimum amount of work to configure this setup?

36 REPLIES 36
Highlighted

Can you post instructions or documentation for transitioning to cloud MFA with SAML?
Highlighted

Highlighted

Hi Philip,

Do you have a link to this announcement? 

Thanks,
Mark

Highlighted

https://docs.microsoft.com/bs-latn-ba/Azure/active-directory/authentication/howto-mfaserver-nps-vpn

 

As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.

Highlighted

Hi, 

We have this mostly working but it does a MFA challenge every time you log into VPN. Is that what's happening for you?

Highlighted

Hi David,
can you share the steps you followed while implemented the solution you mentioned in your post? I currently have a NPS with Azure connector and I'm trying to integrate Cisco ISE. The NPS by itself works fine with MFA adn Azure, the issue is teh integration of ISE into the mix. I tried configuring the NPS as a external radius and also using a radius token to point to it but both get stuck on the NPS. If there is a way to integrate the ISE directly to the Cloud Azure I would really appreciate if you share with us that information. Thank you
Highlighted

How did you get around with expired password? NPS extension doesn't support renewing expired password. Users are not getting the prompt to renew their password when they login to Anyconnect with Azure MFA

Content for Community-Ad