Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AnyConnect VPN SSO

Solved
Adrian4
A model citizen
‎Jan 15 2024 8:10 AM
‎Jan 15 2024 8:10 AM

AnyConnect VPN SSO

Hello,

I have just configured a virtual MX in AWS as a VPN endpoint for AnyConnect using SAML SSO in Azure.

It all seems to be working nicely however, every time I connect, it asks me to enter my username. I enter it, it does the MFA and I'm in.


Annoyingly it doesn't remember my username between connections. Is there any setting anywhere so that it either remembers and auto populates the username, or just doesn't ask at all and goes straight to MFA?


Our Azure is administered by a Group level IT dept (I don't have access) - any they tell me there is nothing in the Azure app that effects this 😞

Any ideas?

Cheers.

0 Kudos
Subscribe
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 15 2024 11:12 AM
‎Jan 15 2024 11:12 AM

If you use SAML for authentication, it can be cached.  It's not actually AnyConnect caching it then but whatever Idp you are using.

View solution in original post

Subscribe
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 15 2024 8:14 AM
‎Jan 15 2024 8:14 AM

The AnyConnect does not have the capability to remember usernames between connections. This is a security measure to prevent sensitive information from being stored.

But, the AnyConnect does have an option to not cache the last username used. This can be found under the RestrictPreferenceCaching setting in the AnyConnectLocalPolicy.xml file.


AnyConnect Connection Profile - Clear Username - Cisco Community

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Adrian4
A model citizen
‎Jan 15 2024 8:43 AM
‎Jan 15 2024 8:43 AM

that sounds a bit odd, it doesnt have the ability to remember usernames but you can set an option to stop it remembering usernames?

The discussion you linked seem'd to imply that it can cache user names....

Adrian4_0-1705336961420.png


having said that - the username prompt very much looks like a Microsoft challenge rather than a Cisco generated one - I assume because of the single sign on method we are using.

 

0 Kudos
Subscribe
In response to Adrian4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 15 2024 8:48 AM
‎Jan 15 2024 8:48 AM

Here is the offcial documentation.

 

 

 

 

Supported features

Q. Is it possible to save the password credentials on AnyConnect so that it will not request authentication from the user (password storage feature)?

A. No, it is not possible to save the password credentials on AnyConnect.

 

Perhaps, there is a workaround? Maybe, but for security reasons I advise you to keep it as is.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 15 2024 11:12 AM
‎Jan 15 2024 11:12 AM

If you use SAML for authentication, it can be cached.  It's not actually AnyConnect caching it then but whatever Idp you are using.

Subscribe
In response to PhilipDAth
Adrian4
A model citizen
‎Jan 16 2024 12:12 AM
‎Jan 16 2024 12:12 AM

Ah I thought it was something like that - I asked the guys that look after Azure but they said no 😕

cheers!

0 Kudos
Subscribe
In response to PhilipDAth
AlanAtNgāTaonga
Conversationalist
‎Feb 22 2024 3:18 PM
‎Feb 22 2024 3:18 PM

Kia ora Philip

 

We've talked a bit already on this subject. Thanks very much for your helpfulness.

 

Here's where I'm at now: https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SSO-to-Entra-Azure-AD/m-p/226242

 

If you use SAML for authentication, it can be cached

 

How can I turn on the caching of credentials? It's not happening now, although the SAML connection does work fine when the user types in their credentials.

 

Thanks and regards

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.