Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
59498
Views
40
Helpful
36
Replies

How to use cloud Azure MFA with ASA Vpn and Cisco AnyConnect?

davidbnbf
Level 1
Level 1

‎03-15-2018 01:18 PM - edited ‎03-12-2019 05:07 AM

I can find a bunch of documentation on how to install an on premise Azure MFA server however we are already setup for the cloud version of MFA and don't want to migrate on premise with that.  I would like to integrate our Cisco ASA VPNs using Cisco AnyConnect Secure Mobility client to use the cloud based Azure MFA and Microsoft Authenticator.  Is this possible?  Anyone tried this or point me in the right direction on the minimum amount of work to configure this setup?

18 people had this problem
Labels:
0 Helpful
36 Replies 36

davidbnbf
Level 1
Level 1
In response to philip moore

‎10-14-2019 05:58 AM

Can you post instructions or documentation for transitioning to cloud MFA with SAML?
0 Helpful

MARK BAKER
Level 4
Level 4
In response to philip moore

‎10-14-2019 10:17 AM

Hi Philip,

Do you have a link to this announcement? 

Thanks,
Mark

0 Helpful

philip moore
Level 1
Level 1
In response to MARK BAKER

‎11-02-2019 11:40 AM

https://docs.microsoft.com/bs-latn-ba/Azure/active-directory/authentication/howto-mfaserver-nps-vpn

 

As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.

HubbaBubbaCakes
Level 1
Level 1
In response to davidbnbf

‎03-27-2020 01:32 PM

Hi, 

We have this mostly working but it does a MFA challenge every time you log into VPN. Is that what's happening for you?

0 Helpful

alvarezax
Level 1
Level 1
In response to davidbnbf

‎05-06-2020 09:01 AM

Hi David,
can you share the steps you followed while implemented the solution you mentioned in your post? I currently have a NPS with Azure connector and I'm trying to integrate Cisco ISE. The NPS by itself works fine with MFA adn Azure, the issue is teh integration of ISE into the mix. I tried configuring the NPS as a external radius and also using a radius token to point to it but both get stuck on the NPS. If there is a way to integrate the ISE directly to the Cloud Azure I would really appreciate if you share with us that information. Thank you
0 Helpful

Chekol Retta
Level 1
Level 1
In response to davidbnbf

‎06-23-2020 01:07 AM

How did you get around with expired password? NPS extension doesn't support renewing expired password. Users are not getting the prompt to renew their password when they login to Anyconnect with Azure MFA

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents