Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki AnyConnect VPN & Expired AD Passwords

e39_540i
Getting noticed
‎Nov 15 2022 7:26 AM
‎Nov 15 2022 7:26 AM

Meraki AnyConnect VPN & Expired AD Passwords

Hi all, we've recently transitioned from Cisco AnyConnect to Meraki AnyConnect and still have the age-old issue of users unable to change their passwords if it has expired before the next time they log in to the VPN.

 

Question: Is it possible to inform the user that their password has expired when they go to log into the VPN and ALSO allow them to change it at that time?

0 Kudos
Subscribe
8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 15 2022 7:39 AM
‎Nov 15 2022 7:39 AM

On Meraki you don't have the option to configure It. Have you tried to open a support case?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
e39_540i
Getting noticed
‎Nov 15 2022 7:44 AM
‎Nov 15 2022 7:44 AM

So is the answer that I don't have the option to configure it? Or that I need to open a support case? Sorry, but unless you have a definitive answer, I'd like to hear from anyone who actually knows.

0 Kudos
Subscribe
In response to e39_540i
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 15 2022 7:47 AM
‎Nov 15 2022 7:47 AM

On Meraki you don't have the option to configure It.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 15 2022 7:49 AM
‎Nov 15 2022 7:49 AM

Anyconnect has limited options on Meraki.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 15 2022 7:51 AM
‎Nov 15 2022 7:51 AM

I suggested opening a case just to make Meraki a wish. Good luck. 😉

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
e39_540i
Getting noticed
‎Nov 15 2022 7:58 AM
‎Nov 15 2022 7:58 AM

e39_540i_0-1668527902977.png

Please stop. I've already received 4 notifications from the thread, I didn't need an additional private message to know that you've responded here.

0 Kudos
Subscribe
In response to e39_540i
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 15 2022 8:02 AM
‎Nov 15 2022 8:02 AM

I'm just trying to help you. 😅

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 15 2022 6:08 PM
‎Nov 15 2022 6:08 PM

If you are using RADIUS or AD Authentication - no.

 

If you use SAML, and your SAML provider supports changing the password - yes.  I use SAML for 99% of my AnyConnect deployments these days.

 

Cisco Duo can do it (if enabled): https://help.duo.com/s/article/5797?language=en_US

Azure AD can do it (it enabled): https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

I don't know about other SAML providers.  These are the two I do.

 

Duo is 100 times simpler.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.