Cisco Secure Client on Meraki MX - Use external browser for SAML auth

JonnyM
Getting noticed

On the ASA platform it's documented how to do this here:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa917/configuration/vpn/asa-917-vpn-config/vpn-a...

I have access to the various Secure Client downloads including the current latest version of the file external-sso-5.1.5.65-webdeploy-k9.pkg, but obviously the Meraki MX is not an ASA. Is there a way to have the SAML auth dialog presented to the user with the default system browser instead of a web view, so they can do things like SSO or use passkeys etc? 

JamesHammy
New here

I'd be interested to see if you made any progress with this? We are just embarking on a Meraki Cisco Secure Connect+ SD-WAN environment, connecting multiple MX devices at our sites, and the lack of token/caching on the WebView2 embedded browser creates a poor user experience as they have to explicitly log in every single time.

If it used their default browser (Chrome/Edge), it would log them straight in without any input.

FYI, even with the embedded/WebView2 browser, SSO and passkeys (Windows Hello with PIN/Face/Fingerprint) work just fine. It's still annoying that the seamless SSO doesn't work though.

I can't see anywhere to alter which browser the Secure Client uses... I'm guessing the Meraki environment is a little more stripped down.

JonnyM
Getting noticed

Nothing has changed, and that time since August has passed by quickly. I opened a support ticket with Meraki and linked to this post and they said that basically that's how it is and it can't be changed.

In the network I was building this out for it was a company that had standardised on Chrome as their browser, so the SAML auth popping open a Chrome tab where they were already logged in would have been great, the WebView2 flow interrupts them more but I've not had any complaints, though I've not told them it could be better either.

JamesHammy
New here

Hmm, that's not great news. Thanks though!

I guess that's the tack we will have to take then. Don't over-promise and under-deliver, and all that...

Our challenge is that our outgoing VPN uses a built-in browser that does save credentials and behaves exactly like it would if it authenticated via native Chrome/Edge so we're being forced to take a step backwards in terms of user experience.
