Meraki

Community

Duo MFA for Meraki Cloud Authenticated users?

Solved
WarrenG
Getting noticed
‎Mar 13 2024 10:27 AM
‎Mar 13 2024 10:27 AM

Duo MFA for Meraki Cloud Authenticated users?

Is it possible to use Duo to require MFA for Meraki Cloud Authenticated users while using Meraki Client VPN? Specifically we need to use the AnyConnect option with Meraki Cloud Authenticated users, but need to be able to protect that connection further with MFA. Is this scenario possible?

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 13 2024 12:33 PM
‎Mar 13 2024 12:33 PM

No.

 

You could use AnyConnect and Duo, and authenticate against Office 365.  I would use this option.

 

You could use a machine running inside of the network running the Duo Auth proxy and configure the MX to do RADIUS against it, and have the auth proxy configured to do MFA only.

This would result in the username+MFA being used, but the password being ignored.

View solution in original post

4 Replies 4
Inderdeep
Kind of a big deal
Kind of a big deal
‎Mar 13 2024 10:36 AM
‎Mar 13 2024 10:36 AM

@WarrenG Check this one out may help 

https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
In response to Inderdeep
WarrenG
Getting noticed
‎Mar 13 2024 10:38 AM
‎Mar 13 2024 10:38 AM

So the answer is no then?

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 13 2024 12:33 PM
‎Mar 13 2024 12:33 PM

No.

 

You could use AnyConnect and Duo, and authenticate against Office 365.  I would use this option.

 

You could use a machine running inside of the network running the Duo Auth proxy and configure the MX to do RADIUS against it, and have the auth proxy configured to do MFA only.

This would result in the username+MFA being used, but the password being ignored.

In response to PhilipDAth
WarrenG
Getting noticed
‎Mar 13 2024 12:39 PM
‎Mar 13 2024 12:39 PM

Thanks PhilipDAth. If the answer to my question is no, then that's what I was looking for. I know about the other options, but they are not viable for what I'm needing in this specific case.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.