DUO MFA enrolling Anyconnect users with Radius-Challenge

Now, once you have Radius-Challenge enabled let’s look at the enrollment user experience through Cisco Anyconnect (AC).  Self-Service portal is not an option under Cisco Radius VPN application so no special configuration was needed.

When user enters his credentials and logs in he is prompted with enrollment URL popup. User needs to manually copy and paste it into the browser.

Once there Start setup process.

Select mobile device to add. Mobile phone is preferred.

Enter phone #.

Verify ownership with code.

Once confirmed select default notification method. It seems like with Radius-Challenge this option is not applicable as the user will always be presented with a selection menu.

Success message confirms successful enrollment.

At this point user needs to return to AC and redo authentication.

 

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar