Secure connect remote access

Solved
Mitchell68
Comes here often


Hello all..I hope you are all well.

I am new to the forum and new to Cisco Secure Connect. I have been watching as many videos as I can and reading as much as possible to learn about how to implement Secure Connect and how Umbrella fits in. I would say the only frustrating part is when connecting to support...which one is it ....Meraki...or Umbrella 🙂

 

Anyhow, this is the question I need to resolve, and it could be my lack of understanding of how Secure Connect is supposed to authenticate remote users via the Secure Connect client.

I have added all of our offices to Secure Connect sites and will be enabling the site routes so all traffic has a VPN tunnel straight to the Cisco cloud. For remote access, from the information available it looks fairly straightforward to implement for our remote workers via the Secure Connect client; however, there seems to be no info on 2FA.

At present we are using AnyConnect as the VPN with a Meraki MX as the head end, along with RADIUS to an internal Duo authentication proxy server and Duo push notifications. I know when we start using the Cisco cloud the idea is to have flexibility of which head end the remote users will connect to via VPN for authentication.

Any info...words of wisdom...whitepapers would be greatly appreciated.

1 Accepted Solution
PhilipDAth
Kind of a big deal

> how Secure Connect is supposed to authenticate remote users via the Secure Connect client.

For remote client VPN access - you use an IDP. For example, to use Entra ID:

https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco__Secure_Connect_Now_-_Users/Cisco__Sec...

 

thaack
Getting noticed

I'm not super knowledgeable about the Secure Connect because I haven't deployed it yet, but I'm fairly sure 2FA challenges would be handled by your IDP provider because that's how it works with AnyConnect, unless you opt to utilize Meraki Cloud Authentication. It entirely depends on the IDP provider to issue MFA challenges. For example, here's how to configure MFA challenges for Microsoft Entra ID in the MS admin portal. 

 

Ref: Meraki Cloud Authentication (Cisco Secure Connect Embedded) - Cisco Meraki Documentation

Mitchell68
Comes here often

Thanks for both of your replies - once tested over the weekend I can see that it is using the IDP which I have set up with Entra - just need to sort out the Duo push between Duo and Entra, similar to how we have 2FA on O365.

PhilipDAth
Kind of a big deal

You should set it up to use Duo as your IDP instead of Entra in that case (that is what we use).
