How to configure JumpCloud SSO for Cisco Meraki MX and Cisco AnyConnect (Cisco Secure Client) for VPN

JuergenKlaassen
Rising Star III

Hello

Earlier this month Cisco Meraki released SAML authentication for Cisco Secure Client (formerly known as Cisco AnyConnect). You can find the respective documentation here, and for now you need to ask Meraki's support to enable the feature for you (just raise a simple ticket with them).
Note that your MX needs firmware version 16.3+ or 17.5+. In my case I configured this with the beta version 18.105.

On JumpCloud I used a "Custom SAML App"-Connector to get it configured.
As mentioned in Meraki's KB, the config naturally only supports SP-initiated logins, and therefore I uncheck the box to show the application in the User Portal.


Following the KBs to set up SAML on the IdP side of things, you end up with the following entries for JumpCloud while configuring the connector:

SP Entity ID (case sensitive): https://<YOUR_FQDN_HERE>/saml/sp/metadata/SAML
ACS URL: https://<YOUR_FQDN_HERE>/saml/sp/acs
Login URL: same as the ACS URL
SAML Subject NameID Format: SAML 2.0 NameID Persistent
Declare Redirect Endpoint: checked (enabled)


Lastly, assign the user groups that should be entitled to use this VPN connection.

Now you can grab the JumpCloud Metadata-File and upload it to the Meraki Admin Dashboard.


Once done and saved, you're actually ready to fire up your Cisco Secure Client.


If you need guidance on how to deploy and configure the Cisco Secure Client (AnyConnect), please check out one of my previous posts: Deploy and manage Cisco AnyConnect clients on macOS

Note at the end: I haven't tested this with a Conditional Access Policy applied to this connector yet.

Thanks for reading as always.
Cheers

-Juergen

JuergenKlaassen
Rising Star III

Update: Tested Conditional Access Policies here as well.
Ideally you add the Cisco Secure Client to the Trusted Applications under Settings.


rk_2024
Novitiate I

Hi Juergen,

I tried the setup in JumpCloud and on the Meraki firewall with your suggested settings. AnyConnect could launch a JumpCloud login page, but the error message "Bad Request" was prompted after I entered my user name and password. When I click on "Bad Request", it redirects me to the JumpCloud user portal page. Do you have any idea about it? Thank you in advance.

Hi @rk_2024 
Is this persistent and did you reach out to JumpCloud's support for this? Do you experience this on Windows or macOS?

Hi Juergen,

Thank you for your advice.

This is a persistent issue. I just tried it on Windows devices. 

I will seek help from JumpCloud's support.