Meraki

Community

Client VPN and Azure AD

Solved
Aiv
Just browsing
‎May 17 2019 6:24 AM
‎May 17 2019 6:24 AM

Client VPN and Azure AD

Hi All 

 

I have a question that I hope someone can help me with since I cant find the answer. 

 

I have a MX84 that has Client VPN enabled. For VPN authentication we use Meraki Cloud which is fine. But now I got a request asking to be able to use same login credential as we use for Azure AD ( office 365).

 

Is there any way to set this up without having to use RADIUS server?  I know there is possibility to use SAML set up to acces the dashboard and assign roles. Would it be possible to use something like that for Client VPN authentication? 

 

 

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 17 2019 1:45 PM
‎May 17 2019 1:45 PM

I want to tell you the answer is "no".

 

However if you enjoy a lot of grief it should be possible using a RADIUS proxy solution.  I think Jump Cloud is quite well known in this space:

https://jumpcloud.com/

 

But if it was me I would tell the person making the request "no".  But that's me.  I don't like lots of complexity and grief.

View solution in original post

7 Replies 7
Nash
Kind of a big deal
‎May 17 2019 6:35 AM
‎May 17 2019 6:35 AM

So to confirm, your only source of AD is Azure AD? You do not have an on-premises AD that syncs to Azure?

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
In response to Nash
Aiv
Just browsing
‎May 17 2019 6:39 AM
‎May 17 2019 6:39 AM

Yes that is 100% correct.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 17 2019 1:45 PM
‎May 17 2019 1:45 PM

I want to tell you the answer is "no".

 

However if you enjoy a lot of grief it should be possible using a RADIUS proxy solution.  I think Jump Cloud is quite well known in this space:

https://jumpcloud.com/

 

But if it was me I would tell the person making the request "no".  But that's me.  I don't like lots of complexity and grief.

In response to PhilipDAth
Aiv
Just browsing
‎May 17 2019 11:55 PM
‎May 17 2019 11:55 PM

Hi Philip,

 

Oow wel, it's what I had expected I just could not find a clear answer if it was Yes or No. 

 

Normally I do like a good challenge but for the few managers that need this I don't se a point in doing it. 

0 Kudos
HenrySwartout
New here
‎Dec 12 2019 9:40 AM
‎Dec 12 2019 9:40 AM

The answer is "Yes". 

 

Using on-prem Active Directory which is synced with Azure AD.

 

Setup the Client VPN to authenticate with on-prem AD.

 

Henry

0 Kudos
APro
New here
‎Sep 23 2020 1:27 AM
‎Sep 23 2020 1:27 AM

The plain answer is probable "No"

 

Just to add to this solution. 

 

We've been using a cloud solution from Portnox to achieve just that (Using their cloud radius - so no setup!), we also use their embedded MFA for the authentication of the Azure AD users over the VPN. 

 

Check it out: https://clear.portnox.com  I think there is a free trial and it's quite easy to setup yourself. 

 

I think this is the details about their solution: https://www.portnox.com/use-cases/remote-access/ 

0 Kudos
Reinout
Here to help
‎Nov 1 2021 2:14 AM
‎Nov 1 2021 2:14 AM

I know its an old question, however we had the same problem where we wanted to provide the users the possibility to use their known credentials they used from Office 365. In Azure we enabled Domain services. After that we could just use their accounts by saying to Meraki we had AD.

 

Btw... Azure Domain Services will cost you about 93 euro per month 🙂 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.