ASA-Anyconnect OktaSAML DuoMFA Integration

Captions
Hi, this demo shows you the user logon experience with AnyConnect logging in through Okta SAML single sign-on, and it's also going to show you the configuration of the ASA through the Okta portal.

So let's start by taking a look at the user experience. Here I have AnyConnect, and never mind the other modules. In AnyConnect VPN I'm connecting to my Okta tunnel group that's been configured in my ASA. So I'm going to hit Connect, and now I'm being taken through the workflow, and this is integrated through the Okta SAML authentication portal. So this is my customized page, my picture. I'm going to log in with my name here. OK, and now next I am being taken through the Duo multi-factor authentication that I also configured through the Okta portal, so it's part of the flow process, and this is the second-factor authentication. On my phone here I got a pop-up asking for approval, and I hit Yes on my phone. Now I'm done, passed authentication, and here is the banner for my AnyConnect, the Okta tunnel group. I hit Accept and the VPN is done, I am connected here. Posture is still going on in the background, but that's not important here really; the connection is done from a VPN perspective.

So now let's move over to the AnyConnect side here and take a look at how I did this on the AnyConnect. Obviously, from a remote access perspective, I configured a tunnel group and I call it cloud RDP Okta. I'm going to edit this, and I chose SAML as the authentication method, and then this is the SAML provider. Everything else is how you would normally configure an RA VPN, pool and groups and things.

Now my SAML, this is the tricky bit: the SAML server here. If you click Manage, as part of the single sign-on server configuration, I have an entry for Okta. I edit this one and hit OK, and there's a bunch of fields: the sign-on URL, the sign-out URL, the base URL, which is the ASA fully qualified domain name, the identity certificate of the Okta portal, and then the service provider certificate, which is the ASA itself to Okta. So the ASA is like a service provider, and that's the identity certificate of the ASA that I got signed with my local Windows CA server.

These parameters come from the Okta portal, so let me show you that. You'll have to log into your Okta portal, and here's just my trial account through Okta. In my account, if you log in, you go into the applications. Here it is: I created one called Cisco ASA SAML authentication, or configuration. If I drill into it, that's the assignment. Let's go on to the sign-on menu here. That sign-on menu shows a bunch of settings, and the Okta portal does a very good job providing instructions. For example, to set this up you can hit View Setup Instructions, which I have open in the second tab here. If you click on View Setup Instructions, it gives you a full step-by-step on how to configure it, CLI etc.; all the commands are here. You'll have to grab this certificate; this is the Okta signing portal CA certificate that you'll need to import into the ASA. The rest of the configurations are all here, and again that's just instructions, so you'll fill out a certificate and fill in these fields.

And here's even one very unique to your portal: if you click on the identity provider metadata, which I opened up here in another tab, these are fields like the logout service URL and sign-on URL. These are the fields that you'll need in the ASA that I just showed you, when I configured this base field. You'll just need to map them into each of these fields and follow the instructions, so it is pretty easy. I set it up very quickly just matching the parameters, and afterwards that's pretty much it. So you can see here, if I take a look at the VPN, I have my je Luna Cisco authentication name from the Okta portal, and group policy of AnyConnect, tunnel up.

Then if I go into the Okta portal, I can take a look at Security as an example, because I showed you earlier my authentication was also integrated with Duo multi-factor authentication. So I integrated my Duo Security here, and if I edit this, let me see here, oh yeah, here we go, I go to the Duo Security. These are the security keys that you acquire from your Duo portal to put into here to integrate with Okta.

And last is the reports. If you go to the Reports section and go to authentication activity, you will see a bunch of authentications that I've done, or that you've done: successful authentication via the Okta portal as well as the multi-factor authentication.

OK, hopefully this gives you a good overview of how to configure ASA with Okta SAML and Duo multi-factor authentication.
Info
Channel: Ciscolive Security Fan
Views: 1,228
Keywords: Anyconnect Okta SAML and Duo MFA
Id: 9_Yx0wIBdS4
Length: 6min 38sec (398 seconds)
Published: Wed Mar 25 2020