Okta Classic Engine | Multi-Factor Authentication | Answered | 2025-06-14T10:29:51.000Z | 2016-02-20T20:11:06.000Z | 2016-03-31T16:35:00.000Z
Allowing groups instead of single user access for Okta MFA with VPN for Cisco ASA.
Hi.

 

Has anyone attempted to allow groups instead of per-user access when setting up the DAP for Okta MFA with Cisco ASA? I'm following the config document, https://support.okta.com/help/blogdetail?id=a67F0000000blQKIAY, and when I get to 'Configure the Dynamic Access Policy' I can only allow on a per-user basis. I would like to add/allow a group and avoid adding 200+ users individually.


If you look in the red rectangle, you have to allow on a per user basis.

 

Thanks,

Phil

  • JP Manansala (Okta, Inc.)

    Hi Phil,

     

    Thanks for posting your inquiry in Okta Community.

     

    I think you're on the right path in setting up your environment to use DAP on Cisco ASA to control user access on a per-tunnel or per-session basis. I think you can achieve the task at hand of adding groups to DAP by changing your Cisco ASA AAA attribute configuration to point to an LDAP or RADIUS server. For this solution you need to set up your own LDAP/RADIUS server. For more information, please check this link:

     

    http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html

     

    Please let me know if you need any additional information. Thank you.

     

    Best,

     

    JP
This question is closed.