Duo Single Sign-On for Cisco ASA and FTD with AnyConnect

Vishal6 · ‎04-12-2024

Hi All,

Can we use Azure AD as a Primary authentication for Duo Single Sign-On for Cisco ASA and FTD with AnyConnect. Also let me know where we can Entra ID as the authentication source for SSO

Pulkit Mittal · ‎04-12-2024

Yes, you can use Azure AD as SAML for Duo Single Sign-on. Follow the steps from here. I have implemented this without any issues.

Configure (Entra ID) Azure AD as your Authentication Source. This will serve the purpose of validating the primary authentication.

Then configure the ASA for Duo single sign-on or FTD for single sign-on.

If you find this useful, please mark if helpful and accept the solution.

Vishal6 · ‎04-15-2024

Do we required Auth Proxy server for Azure AD as a Primary authentication for Duo Single Sign-On ?

Pulkit Mittal · ‎04-15-2024

No, you don't.

I have implemented the above without an authentication proxy server. Just with the azure ad.

MHM Cisco World · ‎04-15-2024

https://community.cisco.com/t5/network-security/intigration-duo-with-cisco-firepower-threat-defense-ftd-vpn-with/td-p/4149143

Check this

MHM

Vishal6 · ‎04-15-2024

Thanks for sharing the details.

Means just following link you have shared previously we'll able to complete the SSO process, apart from that nothing more required ?

Pulkit Mittal · ‎04-15-2024

Do you have the users sync in duo?

If not, then use this, https://duo.com/docs/azuresync

Vishal6 · ‎04-25-2024

Hi Pulkit,

One last question, do i need to follow below link for succesfull integration of Duo Single Sign-On for Cisco ASA with AnyConnect.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215935-configure-asa-anyconnect-vpn-with-micros.html

thanks in advance.