06-24-2021 11:14 PM
I've managed to make AnyConnect for Win stop asking for multi-factor - you add your AAD account as a "work or school account" and AnyConnect finds it, you tap "connect", then choose your account and the VPN's connected.
Is there a way to perform the same maneuver for Linux (say Ubuntu 20) and Mac? I don't see a way to add an Office365 account to these.
06-25-2021 03:22 AM
Hi Roman,
I did integration of AnyConnect with AAD using SAML before. However, these were corporate devices, which were enrolled in Intune (equivalent of AD Join for on-prem infrastructure), so no workaround was required (no manual account adding was required).
In the same way, we did the integration for Mac devices as well, as those too are managed by Intune, and SSO works on Mac the same way as on Windows.
I don't know if Linux is also Intune manageable, but, if it is, I would expect the same behavior as on any other OS for SSO.
Either way, this is more of a question for the operating system than it is for AnyConnect.
BR,
Milos
06-25-2021 04:40 AM
We have personal devices allowed, so enrolling is not an option.
Yes, I agree that it's up to the operating system, but I only see one workaround available (school/work account) and it's available for Windows.
06-25-2021 02:18 PM
Based on some quick reading, I don't think it is doable for unmanaged devices.
As I said, it is not an AnyConnect issue, but an OS one. If you don't have SSO/SAML configured on your OS, or something that would do the initial logon for you, no token can be issued for AnyConnect either.
BR,
Milos