cpopk.blogg.se - Cisco anyconnect azure mfa

ASA supports SAML-enabled tunnel-group on DAP policy.

SAML authentication attributes available in DAP evaluation (similar to RADIUS attributes sent in RADIUS authorization response from AAA server) are not supported.

SAML on FTD is supported for authentication (version 6.7 onward) and authorization (version 7.0 onward).

Some of the current limitations for SAML are:

The configuration allows Anyconnect users to establish a VPN session authentication with a SAML Identity Service Provider. If your network is live, ensure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. Otherwise, verify that the time is manually synchronized between them. Note: If possible, use an NTP server to synchronize time between the FTD and IdP.

Firepower Management Center (FMC) version 6.7.0.

Firepower Threat Defense (FTD) version 6.7.0.

The information in this document is based on these software and hardware versions: Prerequisites RequirementsĬisco recommends knowledge of these topics:

This document describes Security Assertion Markup Language (SAML) authentication on FTD managed over FMC.