Does anyone know of a way to assign a group policy to a VPN Session via SAML Authentication?
With radius Authentication you can pass back an attribute that would put the VPN Session into a Group Policy.
Is this possible with SAML Authentication as well?
@Ruben2 : check this out
have anyone noticed that this (Group Policy) does not even work statically with anyconnect and SAML ?
I just tested with a customer, and the static Group policy in the config (at the very bottom of the page) does nothing.
It works fine in non-SAML ... how strange.
@PhilipDAth Hey Philip, you seemed pretty helpful wanted to ask you about this topic. I am trying to do Cisco AnyConnect w/ SAML authentication with Microsoft Azure.. do you know if this is still a limitation where group policy cannot be applied if SAML is being used?
And if it's not possible, is there any workaround for it? I was looking at Azure, and their conditional access policies don't support time-based restrictions.. which is what I'm trying to implement in group policy.
Our company has a requirement where VPN access has to be restricted from 8am-5pm.
>do you know if this is still a limitation where group policy cannot be applied if SAML is being used?
It is being worked on, but is not available today.
>Our company has a requirement where VPN access has to be restricted from 8am-5pm.
I haven't tried this - but try configuring the default AnyConnect group policy and put a schedule in there.
You might need to do something like configure the firewall rules to block everything, and then use the schedule to allow access.
It baffles me for how long SAML is already supported for AnyConnect, but group policy support has been missing ever since. It's just not a viable authentication mechanism if you would like to design separate access policies in Meraki dashboard. Hopefully the team at Secure Client puts this somewhere at the top of their list.
We're now headed in a different direction. Going with Fortigate for SSLVPN w/ SAML Authentication to O365. Without rules for vpn traffic, we can't continue to use Meraki.
Still eagerly awaiting this as well. Support for SAML assertion attributes, which can be used to make DAP policy selections, has been added in ASA 9.17 (almost 2 years ago!), but still no news on Meraki side. 😞