Hi all, we've recently transitioned from Cisco AnyConnect to Meraki AnyConnect and still have the age-old issue of users unable to change their passwords if it has expired before the next time they log in to the VPN.
Question: Is it possible to inform the user that their password has expired when they go to log into the VPN and ALSO allow them to change it at that time?
On Meraki you don't have the option to configure It. Have you tried to open a support case?
So is the answer that I don't have the option to configure it? Or that I need to open a support case? Sorry, but unless you have a definitive answer, I'd like to hear from anyone who actually knows.
On Meraki you don't have the option to configure It.
Anyconnect has limited options on Meraki.
I suggested opening a case just to make Meraki a wish. Good luck. 😉
Please stop. I've already received 4 notifications from the thread, I didn't need an additional private message to know that you've responded here.
I'm just trying to help you. 😅
If you are using RADIUS or AD Authentication - no.
If you use SAML, and your SAML provider supports changing the password - yes. I use SAML for 99% of my AnyConnect deployments these days.
Cisco Duo can do it (if enabled): https://help.duo.com/s/article/5797?language=en_US
Azure AD can do it (it enabled): https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
I don't know about other SAML providers. These are the two I do.
Duo is 100 times simpler.