Hello,
I have just configured a virtual MX in AWS as a VPN endpoint for AnyConnect using SAML SSO in Azure.
It all seems to be working nicely; however, every time I connect, it asks me to enter my username. I enter it, it does the MFA and I'm in.
Annoyingly it doesn't remember my username between connections. Is there any setting anywhere so that it either remembers and auto populates the username, or just doesn't ask at all and goes straight to MFA?
Our Azure is administered by a Group-level IT dept (I don't have access), and they tell me there is nothing in the Azure app that affects this 😞
Any ideas?
Cheers.
AnyConnect does not have the capability to remember usernames between connections. This is a security measure to prevent sensitive information from being stored.
But AnyConnect does have an option to not cache the last username used. This can be found under the RestrictPreferenceCaching setting in the AnyConnectLocalPolicy.xml file.
AnyConnect Connection Profile - Clear Username - Cisco Community
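As an added illustration (not part of any post in this thread), this is what the RestrictPreferenceCaching element looks like inside AnyConnectLocalPolicy.xml. The element name and its documented values (None, Credentials, Thumbprints, CredentialsAndThumbprints, All) are taken from Cisco's AnyConnect local-policy documentation; the surrounding elements, their values and the file header are assumed for context. The file lives on the client (on Windows, typically under C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\), not on the vMX, and it only controls what the client writes to its own preferences.xml.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- AnyConnectLocalPolicy.xml: client-side local policy (assumed surrounding elements). -->
<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectLocalPolicy.xsd"
                       acversion="4.10">
  <FipsMode>false</FipsMode>
  <BypassDownloader>false</BypassDownloader>

  <!-- Default: all preferences, including the last username, are cached in preferences.xml. -->
  <!-- <RestrictPreferenceCaching>None</RestrictPreferenceCaching> -->

  <!-- Hardened: the username (and second username) are never written to the cache.
       Other documented values: Thumbprints, CredentialsAndThumbprints, All. -->
  <RestrictPreferenceCaching>Credentials</RestrictPreferenceCaching>

  <StrictCertificateTrust>false</StrictCertificateTrust>
</AnyConnectLocalPolicy>
```

Note that this setting only governs the AnyConnect client's own preference cache. When the username prompt is drawn by the identity provider inside the embedded browser during SAML sign-in, it is the IdP session (cookies) that determines whether the user is asked again, which is why this thread ends up at the IdP side rather than in this file.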
That sounds a bit odd: it doesn't have the ability to remember usernames, but you can set an option to stop it remembering usernames?
The discussion you linked seemed to imply that it can cache usernames....
Having said that, the username prompt very much looks like a Microsoft challenge rather than a Cisco-generated one; I assume because of the single sign-on method we are using.
Here is the official documentation.
A. No, it is not possible to save the password credentials on AnyConnect.
Perhaps there is a workaround? Maybe, but for security reasons I advise you to keep it as is.
If you use SAML for authentication, it can be cached. It's not actually AnyConnect caching it then but whatever Idp you are using.
Ah, I thought it was something like that. I asked the guys that look after Azure, but they said no 😕
cheers!
Kia ora Philip
We've talked a bit already on this subject. Thanks very much for your helpfulness.
Here's where I'm at now: https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-SSO-to-Entra-Azure-AD/m-p/226242
> If you use SAML for authentication, it can be cached
How can I turn on the caching of credentials? It's not happening now, although the SAML connection does work fine when the user types in their credentials.
Thanks and regards
Did you find a solution? I'm seeing the "Stay signed in?" prompt from Microsoft:
But when answering yes, I still go through the enter login process with every subsequent connection.
Hi TEAM-ind
> > If you use SAML for authentication, it can be cached
> How can I turn on the caching of credentials?
This is what I was told: "This is a back-end Meraki setting that you will have no visibility of and need to ask Meraki support to set."
That doesn't sound very promising, but that's exactly what I did, requesting that configuration change via the Meraki support channel, and now it works perfectly. Connects every time, without needing to enter credentials.
I hope that helps.
Manaakitanga!
Alan