Feitian token integrate with DUO Cisco Anyconnect failed

kkhee1 · ‎11-16-2021

Hi All,

I purchased a FeiTian hardware token (model:A4B). Can this hardware token be used on Cisco Anyconnect, because I have tried many ways but it still doesn’t work. Can anyone provide guideline to me?

Thank You

DuoKristina · ‎11-17-2021

It looks like the Feitian A4B is a U2F/WebAuthn only security key, and does not support OTP passcode generation.

Today it is not possible to use a U2f/WebAuthn security key with the AnyConnect desktop client. This is a limitation of it using the OS system browser on Windows and macOS. We expect this functionality to work in a future version of AnyConnect, but do not have details yet.

This Duo KB article has details about which Cisco VPN configurations and client access methods work with U2f/WebAuthn.

If you want a Feitian security key that will work with the AnyConnect client and Duo 2FA today, something like the K9, which supports both Event OTP (HOTP) and FIDO2 is a good choice. Then you would import it into Duo as an OTP hardware token and assign it to your user to use for generating passcodes when you log into AnyConnect.

Duo, not DUO.

kkhee1 · ‎11-23-2021

Hi Kristina,

I find the the Fei Tian A4B spec is support OATH HOTP. So does mean can support in AnyConnect client and Duo 2FA?

DuoKristina · ‎11-23-2021

Ah, interesting that Feitian does not mention the HOTP support on the A4B product page.

Yes, if the A4B is capable of generating HOTP passcodes and you are able to obtain the serial and secret information required to import the token into Duo, then you could use it to generate passcodes for AnyConnect.

Duo, not DUO.