Run the following command and copy the ACS URL, SP Entity ID and Single Logout Service URL values. Select Apply to save the settings.Ĭonnect to the ASA via SSH to obtain the required information for the next section. Go back to the Edit Connection Profile page.Ĭlick OK to save Profile Configuration. Select ASA Certificate for Service Provider Certificate.Ĭlick OK. Select the Acceptto Certificate that uploaded in the previous section for Identity Provider Certificate. Enter the URL of your Cisco ASA that users use to connect their VPN. In Configure SSO Servers SAML, click Add.Ĭopy the IDP Entity ID, Sign In URL and Sign Out URL from the Acceptto metadata that was downloaded earlier and paste in the required fields on the Add SSO Server page. In the SAML Identity Provider section, click on Manage button. In the Authentication section, click the Method drop down and select SAML. Select the Tunnel Group that you want to configure for SSO on the Connection Profiles section. Go to the Configuration tab and click on Remote Access VPN.įrom the navigation bar, click Network (Client) Access and then select An圜onnect Connection Profiles. Acceptto” LAB-ASA ( config-ca-trustpoint ) # enrollment terminal LAB-ASA ( config-ca-trustpoint ) # no ca-check CopyĬonfigure Cisco An圜onnect Connection Profile #
LAB-ASA ( config ) # crypto ca trustpoint “Trustpoint Name e.g.
If you couldn’t install the certificate through ASDM, connect to your ASA via SSH and run the below commands. Navigate to the Configuration tab and click on Device Management.įrom the navigation bar, click Certificate Management, and then select CA Certificates.Ĭlick on the Add to upload the Acceptto certificate that was downloaded earlier.įill the Trustpoint name and upload the Acceptto certificate. Log into your Cisco ASA through ASDM as an administrator. Pre-Requisites #Īn Acceptto account with a configured Identity Provider and LDAP Agent (See this page for the instructions).Ī Cisco ASA user account with administrative access (Cisco supports SSO Server in ASA version 9.7.1.24 or later and if users want to connect with An圜onnect they need An圜onnect 4.7 or later).Ī user with administrative privileges for the Acceptto Cloud dashboard.Ĭonfigure Cisco ASA as a Service Provider # Upload Acceptto Certificate to ASA #ĭownload the SAML metadata and certificate for your organization from Acceptto. SAML allows federated apps and organizations to communicate and trust one another’s users.Īcceptto™, as a SAML provider, improves the user login experience for Cisco VPN users with intelligent and convenient MFA. Security Assertion Markup Language (SAML) is a protocol for authenticating to web applications.
Multi-factor authentication (MFA) is an extra layer of security used when logging into websites or apps to authenticate users through more than one required security and validation procedure that only they know or have access to.
0 kommentar(er)
