![]() This also extends Duo Passwordless to An圜onnect client logins.ĭuo Single Sign-On is our cloud-hosted SSO product which layers Duo's strong authentication and flexible policy engine on top of Cisco Firepower logins. With all requirements in place, Firepower RA VPN SSO logins launch in the client's external browser instead of an embedded browser, allowing WebAuthn functionality in the Duo Universal Prompt. Duo Universal Prompt is enabled for the Duo SSO Cisco ASA integration as noted in the setup instructions in this document.Access devices use An圜onnect 5 or later. ![]() ![]() The RA VPN connection profile SAML Login Experience has Default OS Browser enabled.The device has been updated to Firepower 7.1.0 firmware or later.The FTD SAML login experience supports use of Duo WebAuthn authentication methods like Touch ID and security keys for An圜onnect client logins under the following conditions: Trusted Endpoints detection which does not rely on certificates has no dependency on a specific An圜onnect app version. Trusted Endpoints Supportīe aware of these An圜onnect client minimum version requirements for Duo's Trusted Endpoints certificate detection. Add Duo protection to earlier Firepower versions with our Cisco Firepower RADIUS with An圜onnect configuration. Prior versions of FTD/FMC and An圜onnect do not support SAML login or use a different browser experience. Minimum Supported FTD/FMC and An圜onnect VersionsĬisco Firepower SSO requires FTD/FMC version of 6.7.0 or higher, plus An圜onnect 4.6 or later. The instructions also assume you already have a functioning FTD Remote Access SSL VPN deployment using an existing AAA authentication server (like an on-premises AD/LDAP directory). These instructions walk you through adding SSO to your FTD using the Firepower Management Center (FMC) console. Primary and Duo secondary authentication occur at the identity provider, not at the Firepower itself. This deployment option requires that you have a SAML 2.0 identity provider (IdP) in place that features Duo authentication, like Duo Single Sign-On. Overviewĭuo's SAML SSO for Cisco Firepower (FTD) supports inline self-service enrollment and the Duo Prompt for An圜onnect and web-based SSL VPN logins. Our cloud-hosted SSO identity provider offers inline user enrollment, self-service device management, and support for a variety of authentication methods - such as passkeys and security keys, Duo Push, or Verified Duo Push - in the Universal Prompt. Add two-factor authentication and flexible security policies to Cisco Firepower with An圜onnect SAML 2.0 logins with Duo Single-Sign On. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |