Configuring SAML Single Sign-on Authentication

Before you begin

Ensure that you have done the following before you configure SAML single sign-on with FTD remote access VPN:

  • Create an account with Duo

  • Download and install the Duo Access Gateway

  • Obtain the following from your SAML identity provider (Duo):

    • Identity Provider Entity ID URL

    • Sign-in URL

    • Sign-out URL

    • Identity provider certificate

  • Create a SAML single sign-on server object under Object > Object Management > AAA Server > Single Sign-on Server

    Note

    You can also create a single sign-on server object in the connection profile settings when you create a new remote access VPN configuration using the wizard.

Procedure


Step 1

Choose Devices > VPN > Remote Access.

Step 2

Click Add to create a new remote access VPN or edit an existing VPN configuration.

Step 3

Configure the Connection Profile > AAA settings and select Authentication Method > SAML.

Step 4

Select the required SAML single sign-on server as the Authentication Server.

Note

For a new remote access VPN configuration: when you configure the Connection Profile settings, you can click + next to the Authentication Server list to create a new SAML single sign-on server object.

For more information about creating a single sign-on server object, see Add a Single Sign-on Server.

Step 5

Configure the required settings for the remote access VPN.

Step 6

Save the remote access VPN configuration and deploy it on your Firepower Threat Defense device.