Radius challenge not supported on anyconnect

SupaStud1994
Here to help


Why is RADIUS challenge not supported for AnyConnect client VPN? We do not have the option of using SAML authentication due to different users on different domains. I am hoping that there is some resolution to this in future implementations, as this was completely supported on ASAs. Right now we are utilizing push notifications, which are known to be inherently less secure than OTP.

GIdenJoe
Kind of a big deal

The anyconnect function on the MX is a subset of the entire suite that you can find on an ASA/FTD device.  Same is true for multiple tunnel-groups.  This is stated thusly in the documentation and should be taken into account when choosing your deployment.

The OTP not being supported is rather an issue of the Microsoft NPS server which I believe you are using.

 

There is also a use case of having MX'es used as SD-WAN devices while having a fully featured FTD on a central location that can also serve as a client VPN target.

SupaStud1994
Here to help

Ooof. I hate that this is accurate. We utilize Azure MFA with the NPS extension, which works really well for our use case, but trying to stay up to standard with MFA is challenging. We don't have a central VPN location and have multiple locations, so the cost value of using a separate FTD does not fit our use case. I am wondering why the AnyConnect implementation is not as full featured as the FTD? I am trying to keep everything Meraki, but our company is starting to leverage FortiGate and that breeds a new group of problems. The FTDs having to have a complementing server is just not a good solution for a multiple remote site company such as ours; the costs would completely remove that as an option.

GIdenJoe
Kind of a big deal

I hear you. I believe, alas, this falls under the feature request button, but it is doubtful this will be implemented since they are more and more going full cloud. It also took them a few years to actually implement the AnyConnect features we have so far. It used to be only L2TP/IPsec.

According to a private beta screenshot provided by Philip, there will be SAML support with group policies in the future. Also, the SASE solution has AnyConnect integration, and I believe that is also fully in the SAML or cloud IdP camp without RADIUS.

SupaStud1994
Here to help

Do you know if there is an active feature request? I found that group hard to query to know if it's been requested.

SAML with group policies is a huge help though. I have more customers wanting this solution. We need the group policies (especially in RADIUS) as this is how we secure our VPN access for vendors. Thank you for your quick responses today. Been managing Meraki devices for about 7 years now and never used the forums.

GIdenJoe
Kind of a big deal

For that you need to talk to an account manager or someone within Cisco Meraki.

For the group policies you could also ask if you want to be included in that private beta if you have a testing network of course or an adventurous client 😉
