Allowing groups instead of single user access for Okta MFA with VPN for Cisco ASA.
https://support.okta.com/help/answers?id=906f0000000hzzuias&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Phil Ngo

Allowing groups instead of single user access for Okta MFA with VPN for Cisco ASA.

Hi.

Has anyone attempted to allow groups instead of per-user access when setting up the DAP for Okta MFA with Cisco ASA? I'm following the config document, https://support.okta.com/help/blogdetail?id=a67F0000000blQKIAY, and when I get to 'Configure the Dynamic Access Policy' I can only allow on a per-user basis. I would like to add/allow a group and avoid adding 200+ users individually.
[Image: adding single user]
If you look in the red rectangle, you have to allow on a per user basis.

Thanks,
Phil
Jaypee Manansala (Okta)
Hi Phil,

Thanks for posting your inquiry in the Okta Community.

I think you're on the right path in setting up your environment to use DAP on Cisco ASA to control your user access on a per-tunnel or per-session basis. I think you can achieve your task of adding groups in DAP by changing your Cisco ASA AAA attribute configuration to point to an LDAP or RADIUS server. For this solution you need to set up your own LDAP/RADIUS server. For more information, please check this link:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html

Please let me know if you need any additional information. Thank you.

Best,

JP