Productivv

IT | CLOUD | RELIABLE

Configure Cisco AnyConnect with SAML (Azure)

Configure Cisco AnyConnect on Cisco Meraki MX firewall with SAML authentication from Azure

AZURE

  1. Log in to the Azure Portal and select Azure Active Directory
  2. Select “Enterprise Applications”
  3. New Application
  4. In the Add from the gallery section, type AnyConnect in the search box, select Cisco AnyConnect from the results panel, and then add the app. 
  5. Single Sign On
  6. SAML
  7. Edit Section 1
    1. Identifier (Entity ID)  – https://firewallname-qpjgjhmpdh.dynamic-m.com/saml/sp/metadata/SAML 
    2. Reply URL (Assertion Consumer Service URL) – https://firewallname-qpjgjhmpdh.dynamic-m.com/saml/sp/acs
  8. Under SAML Signing Certificate, download the Federation Metadata XML file

CISCO MERAKI

  1. Go to your Network
  2. Select “Security & SD-WAN” => Configure => Client VPN
  3. Open the second tab, “AnyConnect Settings”
    1. Set to Enabled
    2. Leave the AnyConnect Port at the default, 443
    3. Authentication Type => SAML
    4. AnyConnect Server URL: same as the hostname, but prefixed with “https://”
    5. Upload the Federation Metadata XML file from step 8 in the previous section
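
Before uploading the metadata file, it helps to confirm that the values typed into Azure match the MX hostname and to see what the file will make the MX trust. The script below is an added example, not part of the original guide or Cisco/Microsoft tooling; the function names are hypothetical, the URL pattern is the one from step 7 above, and the sample metadata is constructed with a placeholder tenant ID and certificate bytes.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def sp_urls(hostname):
    """SP values in the pattern this guide uses for a Meraki DDNS hostname."""
    base = "https://" + hostname.strip().lower()
    return {"server_url": base,
            "entity_id": base + "/saml/sp/metadata/SAML",
            "reply_url": base + "/saml/sp/acs"}

def check_azure_values(hostname, entity_id, reply_url):
    """Return a list of problems with the values typed into Section 1."""
    want, problems = sp_urls(hostname), []
    for name, got in (("entity_id", entity_id), ("reply_url", reply_url)):
        if got != got.strip():  # pasted values often carry a stray space
            problems.append(name + ": leading/trailing whitespace")
        if got.strip() != want[name]:  # also catches http:// and wrong paths
            problems.append(name + ": does not match " + want[name])
    return problems

def inspect_idp_metadata(xml_text):
    """Extract what the MX will trust from the Federation Metadata XML."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    certs = [c.text for c in idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"idp_entity_id": root.get("entityID"),
            "sso_urls": sso,
            "insecure_sso": [u for u in sso if not u.startswith("https://")],
            "cert_sha256": [hashlib.sha256(base64.b64decode("".join(c.split()))).hexdigest()
                            for c in certs]}

# Constructed sample metadata (placeholder tenant ID and certificate bytes).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>Y29uc3RydWN0ZWQ=</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""
```

Record the reported certificate fingerprint alongside the change; if sign-in later starts failing after a certificate rollover in Azure, comparing it against a freshly downloaded metadata file shows whether the MX needs the new file.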

ASSIGN USERS / GROUP

  1. In the left menu, choose “Users and groups” => Add user
  2. Select “Users and groups”
  3. Assign

Resources

AnyConnect Authentication Methods – Cisco Meraki

AnyConnect Azure AD SAML Configuration – Cisco Meraki