Cisco AnyConnect SAML authentication with Intune MDM

Hi,

We are trying to implement SAML authentication for AnyConnect VPN with Intune MDM-managed iPhones.

Problem: Cisco AnyConnect is unable to get the "Azure Device ID" (certificate provided by Intune MDM) while authenticating with SAML (Azure) from the iPhones. But it works when we try to open a VPN link with the browser, and the browser prompts us to select the certificate while authenticating.

Without the certificate selection by AnyConnect, Azure is unable to get the "Azure Device ID", hence authentication is failing.

We have tried to push the Apple profile with "VendorConfig" to the device so that AnyConnect chooses the MDM device ID, as per the Cisco article, but it didn't work.


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Configures VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.D1785C84-0B7B-4B78-8464-E5879530A508</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>D1785C84-0B7B-4B78-8464-E5879530A508</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>VPN.com</string>
            <key>VPN</key>
            <dict>
                <key>AuthenticationMethod</key>
                <string>Password+Certificate</string>
                <key>IncludeAllNetworks</key>
                <integer>0</integer>
                <key>RemoteAddress</key>
                <string>vpn-com</string>
            </dict>
            <key>VPNSubType</key>
            <string>com.cisco.anyconnect</string>
            <key>VPNType</key>
            <string>VPN</string>
            <key>VendorConfig</key>
            <dict>
                <key>DeviceUniqueIdentifier</key>
                <string>mdm_provisioned_device_id</string>
            </dict>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Untitled</string>
    <key>PayloadIdentifier</key>
    <string>mac-padalas.AE75E924-4E65-426C-8165-8F12C1217331</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>4D771E09-6F17-4375-A4AA-D7647F59217C</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>




Posted on Feb 8, 2022 07:11
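A pre-flight check for a profile like the one above, as an added example (not code from the original post, nor from Cisco or Apple): it parses the .mobileconfig and reports the things a SAML plus device-certificate setup depends on, i.e. a well-formed plist, an AnyConnect VPN payload, certificate-based authentication, and the VendorConfig DeviceUniqueIdentifier key. The embedded sample profile is constructed; the key names checked are the ones used in the posted plist.

```python
"""Lint an AnyConnect managed-VPN .mobileconfig before MDM pushes it.
Added example, not the original poster's or Cisco's/Apple's code."""
import plistlib

# Constructed sample profile: minimal AnyConnect payload with VendorConfig.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>PayloadType</key><string>Configuration</string>
<key>PayloadContent</key><array><dict>
<key>PayloadType</key><string>com.apple.vpn.managed</string>
<key>VPNType</key><string>VPN</string>
<key>VPNSubType</key><string>com.cisco.anyconnect</string>
<key>VPN</key><dict>
<key>AuthenticationMethod</key><string>Password+Certificate</string>
<key>RemoteAddress</key><string>vpn.example.com</string>
</dict>
<key>VendorConfig</key><dict>
<key>DeviceUniqueIdentifier</key><string>mdm_provisioned_device_id</string>
</dict>
</dict></array></dict></plist>"""


def check_anyconnect_profile(data: bytes) -> list[str]:
    """Return the problems found; an empty list means the profile passes."""
    problems = []
    try:
        root = plistlib.loads(data)
    except Exception as exc:  # malformed XML never installs, report it first
        return [f"profile is not a valid plist: {exc}"]
    vpn_payloads = [p for p in root.get("PayloadContent", [])
                    if p.get("PayloadType") == "com.apple.vpn.managed"]
    if not vpn_payloads:
        return ["no com.apple.vpn.managed payload found"]
    for p in vpn_payloads:
        if p.get("VPNSubType") != "com.cisco.anyconnect":
            problems.append("VPNSubType is not com.cisco.anyconnect")
        vpn = p.get("VPN", {})
        auth = vpn.get("AuthenticationMethod", "")
        if "Certificate" not in auth:
            problems.append(f"AuthenticationMethod {auth!r} lacks Certificate")
        if not vpn.get("RemoteAddress"):
            problems.append("VPN.RemoteAddress is empty")
        # The key AnyConnect reads to pick the MDM-provisioned device cert.
        if "DeviceUniqueIdentifier" not in p.get("VendorConfig", {}):
            problems.append("VendorConfig lacks DeviceUniqueIdentifier")
    return problems


if __name__ == "__main__":
    print(check_anyconnect_profile(SAMPLE_PROFILE) or "profile OK")
```

Run it against the exported .mobileconfig before assigning it in Intune; a non-empty list is the reason the profile will not behave as intended.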
