Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
965
Views
0
Helpful
4
Replies

VPN Anyconnect : Auth' OKTA + Authoriz' ISE

cisco.13
Level 1
Level 1

‎02-09-2022 01:11 PM

Hello,

 

Because OKTA returns only one radius attribute, I need to configure a Cisco VPN Anyconnect by:
- Authentication with an OKTA Radius server: allow to validate user credentials
- Authorization with an ISE server: allows to return several radius attributes (class, IP pool, ...)

 

Can you help me please?

 

Thank you

Labels:
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎02-09-2022 01:20 PM

@cisco.13 you could send aaa to ISE. ISE can proxy authentication requests to okta. Once authentication is passed ise will authorise the session.

0 Helpful

cisco.13
Level 1
Level 1
In response to Rob Ingram

‎02-09-2022 01:42 PM

@Rob Ingram thank you for your reply,
can you share the procedure or screenshots of the ISE configuration please?

Thank you

0 Helpful

cisco.13
Level 1
Level 1
In response to cisco.13

‎02-22-2022 07:37 AM

Hello,

I succeeded to authenticate with okta and add the authorizations on ISE
question, how can I authorize only a specific group from okta?

Thank you

0 Helpful

cisco.13
Level 1
Level 1

‎02-22-2022 12:51 PM

Hello,

I succeeded to authenticate with okta and add the authorizations on ISE
question, how can I authorize only a specific group from okta?

Thank you

0 Helpful
Customers Also Viewed These Support Documents