Another addition to posting about DUO and ISE integration. This time it is about password change. After researching various option I came across the following 3 solutions. 1. Add a dedicated connection profile, call it Password_Reset and authenticate users directly to LDAP or ISE. This works OK for this setup …
Category: MFA
In continuation to my previous post about DUO and ISE integration, I came to a problem where I had to integrate ISE posture into the mix. Passing standard Radius attributes with the existing setup was not an issue but since posture required a bit more complicated authentication flow it did …
Now, once you have Radius-Challenge enabled let’s look at the enrollment user experience through Cisco Anyconnect (AC). Self-Service portal is not an option under Cisco Radius VPN application so no special configuration was needed. When user enters his credentials and logs in he is prompted with enrollment URL popup. User …
Finally I had a chance to configured Radius_Challenge feature with Cisco Anyconnect (AC) and of course, it did not go as smoothly as I would expect it. Why would you need this option? For example, you have a user without a smartphone, or smartphone version is no longer supported by …
I’ve worked before with RSA Multi-Factor Authentication (MFA) solution but this is the first time I’ve integrated cloud-based MFA. I’ll skip configuration related to DUO setup and will concentrate on what is relevant to Cisco. With all kinds of DUO configuration guides and whitepapers I’ve struggled to find a clear …