Client VPN and Azure AD

SOLVED
Aiv
Just browsing

Hi All

I have a question that I hope someone can help me with since I can't find the answer.

I have an MX84 that has Client VPN enabled. For VPN authentication we use Meraki Cloud which is fine. But now I got a request asking to be able to use the same login credentials as we use for Azure AD (Office 365).

Is there any way to set this up without having to use a RADIUS server? I know there is a possibility to use a SAML setup to access the dashboard and assign roles. Would it be possible to use something like that for Client VPN authentication?

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

I want to tell you the answer is "no".

 

However if you enjoy a lot of grief it should be possible using a RADIUS proxy solution.  I think Jump Cloud is quite well known in this space:

https://jumpcloud.com/

 

But if it was me I would tell the person making the request "no".  But that's me.  I don't like lots of complexity and grief.

7 REPLIES 7
Nash
Kind of a big deal

So to confirm, your only source of AD is Azure AD? You do not have an on-premises AD that syncs to Azure?

Aiv
Just browsing

Yes that is 100% correct.

Hi Philip,

Oh well, it's what I had expected; I just could not find a clear answer if it was Yes or No.

Normally I do like a good challenge but for the few managers that need this I don't see a point in doing it.

HenrySwartout
New here

The answer is "Yes". 

 

Using on-prem Active Directory which is synced with Azure AD.

 

Set up the Client VPN to authenticate with on-prem AD.

 

Henry

APro
New here

The plain answer is probably "No".

 

Just to add to this solution. 

 

We've been using a cloud solution from Portnox to achieve just that (using their cloud RADIUS - so no setup!); we also use their embedded MFA for the authentication of the Azure AD users over the VPN.

Check it out: https://clear.portnox.com  I think there is a free trial and it's quite easy to set up yourself.

I think these are the details about their solution: https://www.portnox.com/use-cases/remote-access/

Reinout
Here to help

I know it's an old question; however, we had the same problem where we wanted to give users the possibility to use the known credentials they used for Office 365. In Azure we enabled Domain Services. After that we could just use their accounts by telling Meraki we had AD.

 

Btw... Azure Domain Services will cost you about 93 euro per month 🙂 
