Installed RADIUS agent to use with our Cisco ASA. Need MFA.
I installed the RADIUS agent to use with our Cisco ASA. I need to add an MFA requirement but can not figure out how to do this. I even went as far as having Devices turned on in our Preview area to configure the VPN there instead, but again, I can't find any way to turn on the MFA requirement. Has anyone else done this?
This is a little bit non-intuitive right now. In order to prompt for MFA with the RADIUS Agent, MFA has to be enabled for the Okta Sign-On Policy, and for RADIUS connections. See the attached screens for set up.
The Cisco AnyConnect client fully support Okta MFA. I removed the previous post that stated otherwise. The end user will be presented with a challenge from the AnyConnect client for second factor authentication, like this:
What do you do if the Cisco Anyconnect prompt for MFA does not contain the descriptive text as shown in your example? MFA works but without the text users do not know how to pick which method.
I've followed as much advice as I can from within the Okta help site here and I can't figure out how to get the anyconnect client to show the multiple-choice question for which factor to choose. I can see it in the logs on the Windows server running the Okta radius client, and I can manually answer (press '2' for google authenticator, then on next pop-up, put in the auth code, and it works).