Okta Classic Engine | Multi-Factor Authentication | Answered | 2025-10-28T09:03:48.000Z | 2024-09-24T17:10:08.000Z | 2024-09-30T21:05:33.000Z
Okta SAML with Cisco FTD

I'm trying to configure Okta MFA with a Cisco Firepower 1120 running Threat Defense 7.2.5. There seems to be no specific application for this device, so I am using the Cisco ASA application. I found the configuration help provided all the data I needed to fill in the config through the FTD UI rather than ASA CLI. When I try to test it I continually get the error "Failed to Generate AuthNRequest" upon clicking connect from Cisco Secure client. Appreciate any assistance.

 

Edit: when I put the IDP Entity ID URL provided into a browser I get a 404. Could this be part of the issue?


  • DianaL.19788 (Customer Support Online Community and Social Care)

    Hi @lp2ao (lp2ao), thank you for contacting Okta Community.

     

    Cisco ASA is case-sensitive, so it's worth checking the data used before troubleshooting further.

    This being said, the IDP Entity ID URL should not return a 404 error while you are logged into your org. This was briefly discussed on the developer forum. I think you can post a question about it there as well.

     

    You can also try to create a SAML application in Okta and configure it for Cisco ASA through the App Integration Wizard. This was discussed in detail here.

     

    Regards.

    -----------------------------------------------------------------

    Help others in the community by liking or hitting Select as Best if this response helped you.

     

     

  • lp2ao (lp2ao)

    Hi, I'm using Cisco FTD, not ASA, totally different. Anyhow, I tried what you said and logged into my account in admin mode, then posted the IDP in another browser window and I get "Page not found". I'm using a trial Okta account for this for testing purposes. Would that be why? Is the IDP confidential? Can I post it here for you to check?

    • DianaL.19788 (Customer Support Online Community and Social Care)

      @lp2ao (lp2ao), please do not post the IDP link or any other similar details here. I've discussed your question with some of our colleagues who specialize in similar matters.

       

      The consensus was that you should try to create a custom application using the wizard (details here). However, you will need to contact Cisco and ask them for the SAML instructions so you can get the links.

       

      Regards.

This question is closed.