Security

Customer wants to use ClearPass and Azure MFA (Multi Factor Authentication) for Cisco anyconnect VPN users. Can this be done with ClearPass? attached doco explians how it's done with Cisco ASA and Azure.

Attachment(s)

How to- Two-Factor Authentication with ClearPass and RSA ...pdf   2.18 MB 1 version

Cisco_ASA_Azure_MFA_LDAP.docx   6.08 MB 1 version

It’s likely possible, but it’s not something that has been tested so it’s not supported by TAC. I should also add that Microsoft's Azure MFA Server has been deprecated and is not available for new install.

Good Afternoon!

Has there been any change in 6.9 to support CPPM and Azure MFA via RADIUS?

We are in the same boat, VPN solution that allows RADIUS, but can't directly talk to the Azure APIs for MFA.

Thank you!

There is no native Azure MFA integration still with CPPM 6.9, you need to use NPS as a gateway/proxy to authN between CPPM <> NPS <> Azure MFA.

Could you explain further how to configure this? Any chance there is a white paper or similar on this configuration? We want to use Clearpass as our primary RADIUS, but have some requirements to use Azure MFA and SAML features. From what I've seen, you are correct and we would need to include NPS for the integration with Azure.

Can you recommend any guides or resources for this? This is for a Pulse VPN solution that ideally uses computer certificate authentication, Azure MFA, and SAML SSO capabilities.