cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AnyConnect SAML Group Policy assignment

Ruben2
Here to help
‎01-17-2022 10:57 AM
‎01-17-2022 10:57 AM

AnyConnect SAML Group Policy assignment

Does anyone know of a way to assign a group policy to a VPN Session via SAML Authentication?

 

With radius Authentication you can pass back an attribute that would put the VPN Session into a Group Policy.

Is this possible with SAML Authentication as well?

Labels:
Subscribe
14 REPLIES 14
Inderdeep
Kind of a big deal
Kind of a big deal
‎01-17-2022 11:00 AM
‎01-17-2022 11:00 AM

@Ruben2 : check this out 

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance/Authentication 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎01-17-2022 04:14 PM
‎01-17-2022 04:14 PM

You can't do it ... yet.

0 Kudos
Subscribe
In response to PhilipDAth
Lukef
Here to help
‎05-09-2022 12:38 AM
‎05-09-2022 12:38 AM

Is this still the case?

0 Kudos
Subscribe
In response to Lukef
PhilipDAth
Kind of a big deal
Kind of a big deal
‎05-09-2022 01:01 AM
‎05-09-2022 01:01 AM

It is still the case.

Subscribe
In response to PhilipDAth
joaro
Conversationalist
‎01-25-2023 11:40 PM
‎01-25-2023 11:40 PM

@PhilipDAth 
Do you know if there is an update to this?

0 Kudos
Subscribe
In response to joaro
PhilipDAth
Kind of a big deal
Kind of a big deal
‎01-25-2023 11:49 PM
‎01-25-2023 11:49 PM

It is still a work in progress.

Subscribe
In response to PhilipDAth
thomasthomsen
Head in the Cloud
‎07-01-2022 04:09 AM
‎07-01-2022 04:09 AM

".... yet" ... have you heard anything about this being talked about ? 🙂

0 Kudos
Subscribe
In response to thomasthomsen
PhilipDAth
Kind of a big deal
Kind of a big deal
‎07-05-2022 04:33 PM
‎07-05-2022 04:33 PM

Alas it is still a work in progress.

0 Kudos
Subscribe
thomasthomsen
Head in the Cloud
‎07-01-2022 06:57 AM
‎07-01-2022 06:57 AM

have anyone noticed that this (Group Policy) does not even work statically with anyconnect and SAML ?

I just tested with a customer, and the static Group policy in the config (at the very bottom of the page) does nothing.

It works fine in non-SAML ... how strange.

0 Kudos
Subscribe
El-Bandito
Conversationalist
‎03-30-2023 11:32 AM
‎03-30-2023 11:32 AM

@PhilipDAth   Hey Philip,  you seemed pretty helpful wanted to ask you about this topic.   I am trying to do Cisco AnyConnect w/ SAML authentication with Microsoft Azure..  do you know if this is still a limitation where group policy cannot be applied if SAML is being used? 

And if it's not possible, is there any workaround for it?  I was looking at Azure, and their conditional access policies don't support time-based restrictions.. which is what I'm trying to implement in group policy. 

Our company has a requirement where VPN access has to be restricted from 8am-5pm.  

0 Kudos
Subscribe
In response to El-Bandito
PhilipDAth
Kind of a big deal
Kind of a big deal
‎03-30-2023 11:58 AM
‎03-30-2023 11:58 AM

>do you know if this is still a limitation where group policy cannot be applied if SAML is being used? 

 

It is being worked on, but is not available today.

 

>Our company has a requirement where VPN access has to be restricted from 8am-5pm.

 

I haven't tried this - but try configuring the default AnyConnect group policy and put a schedule in there.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying... 

You might need to do something like configure the firewall rules to block everything, and then use the schedule to allow access.

 

0 Kudos
Subscribe
In response to PhilipDAth
MichielQ
Conversationalist
‎04-06-2023 05:54 AM
‎04-06-2023 05:54 AM

It baffles me for how long SAML is already supported for AnyConnect, but group policy support has been missing ever since. It's just not a viable authentication mechanism if you would like to design separate access policies in Meraki dashboard. Hopefully the team at Secure Client puts this somewhere at the top of their list.

Subscribe
El-Bandito
Conversationalist
‎04-06-2023 08:00 AM
‎04-06-2023 08:00 AM

We're now headed in a different direction.  Going with Fortigate for SSLVPN w/ SAML Authentication to O365.  Without rules for vpn traffic, we can't continue to use Meraki.

Subscribe
znet
Conversationalist
‎04-07-2023 02:26 AM
‎04-07-2023 02:26 AM

We are waiting for this very important function too and hope that meraki will implement this soon!

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki