Using only SAML can you apply a per-user ACL for AnyConnect on ASA?

Philip D'Ath
VIP Alumni

I'm using Cisco AnyConnect on ASA against Cisco Duo. SAML is being used for authentication.

 

Is there a SAML role I can push (from Duo) to apply a per-user ACL (like a RADIUS Filter-Id), instead of having to use some other authorisation option like RADIUS or Dynamic Access Policy?


Milos_Jovanovic
VIP Alumni

Hi @Philip D'Ath,

As far as I know, no, this is not possible. The reason for this is that the ASA can't use attributes received in the token for authorization.

I'm always using SAML for authentication, with an additional authorize-only RADIUS server (almost always ISE).

BR,

Milos
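A sketch of the split described in the reply above, SAML for authentication with an authorize-only RADIUS group supplying the per-user ACL through Filter-Id. This is an added example, not configuration from either poster; the group, tunnel-group and ACL names, the addresses, the interface name and the IdP entity ID are placeholders, and the SAML IdP definition under `webvpn` is assumed to exist already.

```cisco
! Added example. All names and addresses below are placeholders.

! ACL that the RADIUS server references by name in the Filter-Id attribute.
access-list VPN-USER-ACL extended permit ip any 10.10.0.0 255.255.0.0

! RADIUS server group used for authorization only; no password is checked here,
! because the user has already authenticated through SAML.
aaa-server ISE-AUTHZ protocol radius
 authorize-only
aaa-server ISE-AUTHZ (inside) host 192.0.2.10
 key <shared-secret>

tunnel-group VPN-SAML type remote-access

! Authorization attributes (including Filter-Id) come from the RADIUS group.
tunnel-group VPN-SAML general-attributes
 authorization-server-group ISE-AUTHZ

! Authentication is handled by the SAML IdP.
tunnel-group VPN-SAML webvpn-attributes
 authentication saml
 saml identity-provider <idp-entity-id>
```

After a test login, `show vpn-sessiondb detail anyconnect` shows the filter applied to the session, which confirms that the Filter-Id returned by the RADIUS server matched an ACL name defined on the ASA.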