Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does AnyConnect SAML Authentication also authenticate user for Umbrella?

from_afar
Building a reputation
yesterday
yesterday

Does AnyConnect SAML Authentication also authenticate user for Umbrella?

If a user signs in to the VPN via SAML and Admin > Authentication > SAML authentication is configured and working, does a user signing in to the VPN authenticate them to Umbrella as well? I can't seem to find an answer in the docs and testing seems like it is not working that way. 

Labels:
0 Kudos
Subscribe
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
19 hours ago
19 hours ago

You don't say which Idp you are using, and the answer depends.  If the Idp is configured to allow it - then yes.

Subscribe
In response to PhilipDAth
from_afar
Building a reputation
14 hours ago
14 hours ago

Thanks for the reply.

 

by Idp do you mean identity provider? I have configured Azure SAML for admin login and that seems to work fine:

 

Screenshot 2024-09-30 at 9.25.06 AM.png 

 

I can log in to the admin dashboard via Azure. 

 

I have also configured SAML settings in deployment:

 

Screenshot 2024-09-30 at 9.46.13 AM.png

 

and when I "test" that configuration it says it passes. 

 

However, I can't find or see anything that identifies whether or not if a user authenticates via AnyConnect Azure SAML whether or not they will be authenticated to Umbrella and thus can have policies etc. applied to their Azure account. 

 

Does this Idp allow this? Is there somewhere I'm missing where this would get configured? 

 

Appreciate the help. 

0 Kudos
Subscribe
In response to from_afar
PhilipDAth
Kind of a big deal
Kind of a big deal
9 hours ago
9 hours ago

I can't find the specific document, but Cisco Secure Client reports to Umbrella who the currently logged in user is (nothing to do with VPN).  The user doesn't need to authenticate to Umbrella seperately.

 

In the Entra ID sync users to Umbrella document, it talks about the attributes that are required to be synced to allow this information to be sent.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.