Integration of 2120 ASA with Azure AD

Hello, 

 

I have created a VPN with SAML authentication. 

I have followed this guide 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215935-configure-asa-anyconnect-vpn-with-micros.html#anc16

 

About these commands:

trustpoint idp AzureAD-AC-SAML - [IdP Trustpoint]
trustpoint sp ASA-EXTERNAL-CERT - [SP Trustpoint]

The first is the cert generated by Azure.

What is the second one?

 

Has anyone performed this before?

 

Regards, 

Konstantinos

Dinesh Moudgil
Cisco Employee
Hi Kostas,

The 2nd trustpoint is configured on the ASA (in this case acting as the service provider) itself, for the ID certificate issued to the ASA.

Check this doc I wrote for SAML with Duo and look for the trustpoint "ID_CERT" and you will see the configuration for it on ASA.
The same logic applies to Azure SAML integration.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215672-integrate-duo-saml-sso-with-anyconnect-s.html

Thank you,

Dinesh Moudgil

P.S. Please rate helpful posts.
Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
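
Added example, not part of the original posts or the linked Cisco guides: a sketch of how the two trustpoints from the question differ on the ASA. The trustpoint names come from the question; `vpn.example.com`, `ASA-EXTERNAL-KEY` and `<tenant-id>` are placeholders assumed here.

```text
! Constructed example. vpn.example.com, ASA-EXTERNAL-KEY and <tenant-id> are placeholders.

! IdP trustpoint: holds only the SAML signing certificate downloaded from Azure AD.
! No key pair lives here; the ASA uses it to verify assertions signed by the IdP.
crypto ca trustpoint AzureAD-AC-SAML
 revocation-check none
 no id-usage
 enrollment terminal
 no ca-check
crypto ca authenticate AzureAD-AC-SAML
! (paste the Base64 certificate from the Azure enterprise application)

! SP trustpoint: the ASA's own identity certificate and its private key.
! This is the certificate the ASA presents as the SAML service provider.
crypto key generate rsa label ASA-EXTERNAL-KEY modulus 2048
crypto ca trustpoint ASA-EXTERNAL-CERT
 enrollment terminal
 fqdn vpn.example.com
 subject-name CN=vpn.example.com
 keypair ASA-EXTERNAL-KEY
crypto ca authenticate ASA-EXTERNAL-CERT
! (paste the issuing CA certificate)
crypto ca enroll ASA-EXTERNAL-CERT
! (submit the generated CSR to the CA)
crypto ca import ASA-EXTERNAL-CERT certificate
! (paste the identity certificate the CA issued)

! Both trustpoints are then referenced from the SAML IdP definition.
webvpn
 saml idp https://sts.windows.net/<tenant-id>/
  url sign-in https://login.microsoftonline.com/<tenant-id>/saml2
  url sign-out https://login.microsoftonline.com/<tenant-id>/saml2
  base-url https://vpn.example.com
  trustpoint idp AzureAD-AC-SAML
  trustpoint sp ASA-EXTERNAL-CERT

! Checks: confirm which certificates each trustpoint holds and their validity dates.
show crypto ca certificates AzureAD-AC-SAML
show crypto ca certificates ASA-EXTERNAL-CERT
```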