AnyConnect SSO to Entra (Azure AD)

Solved
AlanAtNgāTaonga
Conversationalist

Hi, I'm setting up remote worker VPN on some Windows laptops that are joined to Entra (Azure AD). We're using the AnyConnect app to connect to an MX75 'VPN server'.

 

The SAML connection is working, but I want something more like SSO. Is that possible using the AnyConnect client app?

 

Users can successfully use the AnyConnect app to connect to our MX75 using their Entra (Azure AD) credentials, but they have to type in their Azure AD username and password. Is it possible to set things up so that they don't need to type in their username? That the AnyConnect app 'gets that from the system' somehow?

 

This topic from 2018 suggests that this isn't possible. I'm hoping that feature has been added since then. https://community.cisco.com/t5/vpn/single-sign-on-with-anyconnect/td-p/3738521

 

Thanks and regards

Alan

1 Accepted Solution
PhilipDAth
Kind of a big deal

You need to open a support case, and ask them to set "Forceauthn= False" for SAML AnyConnect.

Adrian4
Head in the Cloud

Hi Philip, is that something that needs to be added to the Azure App?

I'm not sure because I don't have access to ours and the guys at look after it have told me configuring autosign is not done at the Azure end (obviously wrong because the login prompt is a Windows one - pretty sure they just fobbed me off to close the ticket). Because I don't know Azure, I can't contradict them.

Could you let me know exactly where this is configured so I can tell them how to do it?

Thanks! 

jimmyt234
Building a reputation

This is a back-end Meraki setting that you will have no visibility of and need to ask Meraki support to set.

Adrian4
Head in the Cloud

ah brilliant, cheers

AlanAtNgāTaonga
Conversationalist

Hi Phil

 

That worked an absolute charm. Seems almost too good to be true! Now, if I log in to Windows with my MS365 ID, I can connect the AnyConnect VPN without any further authentication required. 

 

I'd up the kudos points by 100 if I could, but it'll only register one!

 

Thanks very much. I know where to come now if I need a Cisco consultant in New Zealand!
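
Added example, not part of the thread and not Cisco or Meraki code: `ForceAuthn` is an optional attribute of the SAML 2.0 AuthnRequest that the service provider sends to the identity provider, so one way to confirm that support has changed it is to decode the `SAMLRequest` value from a captured sign-in URL. This assumes the request is visible in the redirect URL (HTTP-Redirect binding, with HTTP-POST as a fallback); the IdP host, request ID and function names below are constructed for the example.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


def decode_saml_request(value):
    """Turn a URL-decoded SAMLRequest value into AuthnRequest XML text."""
    raw = base64.b64decode(value)
    try:
        return zlib.decompress(raw, -15).decode("utf-8")  # HTTP-Redirect: raw DEFLATE
    except zlib.error:
        return raw.decode("utf-8")  # HTTP-POST: base64 only


def force_authn(xml_text):
    """True if the AuthnRequest asks the IdP to re-authenticate the user."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    # ForceAuthn is an optional xs:boolean; SAML core defaults it to false.
    return root.get("ForceAuthn", "false").strip().lower() in ("true", "1")


def force_authn_from_url(url):
    """Read ForceAuthn from the SAMLRequest parameter of an IdP redirect URL."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    return force_authn(decode_saml_request(params["SAMLRequest"][0]))


def sample_redirect_url(force):
    """Constructed sample URL: the IdP host and request ID are placeholders."""
    attr = ' ForceAuthn="true"' if force else ""
    doc = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed" Version="2.0"'
           ' IssueInstant="2024-01-01T00:00:00Z"%s/>' % (SAMLP, attr))
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(doc.encode("utf-8")) + deflater.flush()
    value = urllib.parse.quote(base64.b64encode(packed).decode("ascii"), safe="")
    return "https://idp.example.test/saml2?SAMLRequest=" + value + "&RelayState=x"


if __name__ == "__main__":
    for force in (True, False):
        print(force, "->", force_authn_from_url(sample_redirect_url(force)))
```

With `ForceAuthn` true the IdP must prompt again even when the user already has a session, and with it false or absent the IdP may reuse the existing session, which matches the behaviour change described in this thread.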
