Cisco Secure Connect and Entra ID SSO

KurtW
Comes here often

Hi, we are in the early stages of implementing Cisco Secure Connect. Completed the Azure AD/Entra ID SAML integration, followed instructions for the SSO with SAML and it is working but not quite as I expected. We use the Cisco Secure Client app; after connecting there is an Azure AD login window and then you can enter your user name and password. However, I expected an SSO experience similar to other SAML/SSO integrated apps in which Entra ID automatically authenticates the user or allows you to select the user account to use for authentication. Am I not configuring the Entra ID Enterprise app correctly or is it just not possible for a seamless SSO experience similar to what we had when using a Cisco ASA for VPN?

PhilipDAth
Kind of a big deal

Open a support case and ask support to set ForceAuthn to false.

KurtW
Comes here often

I opened a Meraki Support ticket earlier, and had seen a recommendation to request this change and asked them if that was an option. Their support replied "I have consulted some of my colleagues for your questions, and unfortunately, the "ForceAuthn" setting is currently not configurable for Secure Connect Remote Access VPN; this setting is only available for traditional ASA and Meraki MX VPN deployments at this time." Is he mistaken and should I request him to check this again?

PhilipDAth
Kind of a big deal

He is probably correct.

gary-geihsler
New here

The authentication flow for Secure Connect uses the embedded browser in Secure Client. The embedded browser is segmented from the OS so it cannot read SSO cookies/data.
