03-31-2021 12:48 PM
Dear community,
We are planning to integrate FTD AnyConnect with Azure MFA. Are there any prerequisites in terms of the FTD version and AnyConnect version that we should upgrade to before integrating AnyConnect with Azure MFA? Also, are there any other resources available on the forum in addition to the document below?
03-31-2021 01:35 PM
Hi @pavan2
SAML was only introduced in version 6.7, so you'll need to be running FMC and FTD on version 6.7. Follow that guide you referenced and you should be fine. Use AnyConnect version 4.9.
This video may provide additional help; it describes how to set up FTD using Azure SAML.
https://www.youtube.com/watch?v=wgttyx7UFMI
03-31-2021 02:25 PM
Thanks so much for your insights on this Rob!
03-31-2021 01:41 PM
Thank you Rob!
Not sure if my below query is valid.
Is there any difference between AnyConnect VPN with Azure MFA and AnyConnect VPN with SAML? Is there any difference between Azure MFA and Azure SAML?
04-01-2021 10:18 AM - edited 04-02-2021 12:55 AM
Azure MFA is a feature added on to Azure authentications.
Your FTD will authenticate users with Azure using SAML. If your Azure-authenticated users have MFA set up, that will happen in the background as part of their Azure authentication, and the FTD doesn't see that part at all.
The same idea applies if you are using NPS on premises with the Azure MFA connector. FTD talks to NPS (as a RADIUS server) and NPS handles all of the MFA bits with Azure in the backend.
03-31-2021 01:52 PM
I've never used Azure, but I think they are different. SAML is used to exchange the authentication information between the FTD and Azure. And MFA is the two-factor authentication, something you have (e.g. a phone) and something you know (e.g. password).
03-31-2021 01:54 PM
Thank you Rob
Does integrating with MFA as well have any prerequisites with the version of the FTD and AnyConnect code?
03-31-2021 02:07 PM
It's the SAML that requires a specific version of FTD, version 6.7, not the MFA, as it's SAML that is doing the communication between the FTD and Azure.