Meraki AnyConnect VPN & Expired AD Passwords

e39_540i
Getting noticed

Meraki AnyConnect VPN & Expired AD Passwords

Hi all, we've recently transitioned from Cisco AnyConnect to Meraki AnyConnect and still have the age-old issue of users unable to change their passwords if it has expired before the next time they log in to the VPN.

 

Question: Is it possible to inform the user that their password has expired when they go to log into the VPN and ALSO allow them to change it at that time?

8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal

On Meraki you don't have the option to configure It. Have you tried to open a support case?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
e39_540i
Getting noticed

So is the answer that I don't have the option to configure it? Or that I need to open a support case? Sorry, but unless you have a definitive answer, I'd like to hear from anyone who actually knows.

alemabrahao
Kind of a big deal
Kind of a big deal

On Meraki you don't have the option to configure It.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

Anyconnect has limited options on Meraki.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

I suggested opening a case just to make Meraki a wish. Good luck. 😉

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
e39_540i
Getting noticed

e39_540i_0-1668527902977.png

Please stop. I've already received 4 notifications from the thread, I didn't need an additional private message to know that you've responded here.

alemabrahao
Kind of a big deal
Kind of a big deal

I'm just trying to help you. 😅

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

If you are using RADIUS or AD Authentication - no.

 

If you use SAML, and your SAML provider supports changing the password - yes.  I use SAML for 99% of my AnyConnect deployments these days.

 

Cisco Duo can do it (if enabled): https://help.duo.com/s/article/5797?language=en_US

Azure AD can do it (it enabled): https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

I don't know about other SAML providers.  These are the two I do.

 

Duo is 100 times simpler.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels