Meraki

Community

Multiple user groups or IP pools for AnyConnect using Azure AD SAML

Solved
harmankardon
Building a reputation
‎May 29 2024 10:47 AM
‎May 29 2024 10:47 AM

Multiple user groups or IP pools for AnyConnect using Azure AD SAML

Hi all,

 

Looking to find out if there is anything new in the art of per-user access control for AnyConnect VPN, i.e. user groups or multiple IP pools etc... when using AnyConnect and Azure AD SAML auth.

 

In short, I'd like to apply a specific set of L3 firewall rules to some but not all AnyConnect users.

 

I know about the group policy method in which you wait till the user connects, find them in the Clients list and then apply the policy, but that is tedious and I believe has to be re-done if they age-out of the client list.

 

I also know there is a way of doing this using the Filter-Id attribute if you are using RADIUS auth, but nothing like that for SAML auth as far as I can tell.

0 Kudos
1 Accepted Solution
jimmyt234
A model citizen
‎Jun 4 2024 12:14 AM
‎Jun 4 2024 12:14 AM

There is a private beta for Azure SAML group policy matching based on responses from the IdP - email meraki-anyconnect-beta@cisco.com to request they enable the feature on your MX.

View solution in original post

0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
‎Jun 3 2024 10:36 AM
‎Jun 3 2024 10:36 AM

The only way is to use the filter-ID via Radius.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
jimmyt234
A model citizen
‎Jun 4 2024 12:14 AM
‎Jun 4 2024 12:14 AM

There is a private beta for Azure SAML group policy matching based on responses from the IdP - email meraki-anyconnect-beta@cisco.com to request they enable the feature on your MX.

0 Kudos
In response to jimmyt234
harmankardon
Building a reputation
‎Jun 10 2024 4:25 AM
‎Jun 10 2024 4:25 AM

Interesting, this is the first I've heard of this, thanks for the heads up. Have you been using this beta feature and what are your thoughts on it?

0 Kudos
In response to harmankardon
jimmyt234
A model citizen
‎Jun 10 2024 5:07 AM
‎Jun 10 2024 5:07 AM

Unfortunately I never got as far as trying it!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.