AAD integration with Cisco Anyconnect

%3CLINGO-SUB%20id%3D%22lingo-sub-2953596%22%20slang%3D%22en-US%22%3EAAD%20integration%20with%20Cisco%20Anyconnect%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2953596%22%20slang%3D%22en-US%22%3E%3CP%3EHi.%3CBR%20%2F%3E%3CBR%20%2F%3ECan%20anyone%20here%20help%20me%20get%20some%20insights%20to%20the%20cost%20of%20integrating%20cisco%20anyconnect%20with%20Azure%20AD%20and%20using%20Azure%20for%20MFA%20in%20the%20same%20context%3F%3CBR%20%2F%3EOr%20if%20there%20even%20is%20a%20cost%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20documentation%20i'm%20referring%20to%20is%20linked%20below.%3CBR%20%2F%3EI%20have%20searched%20(alot)%20for%20an%20answer%2C%20but%20no%20luck%2C%20so%20now%20i'll%20try%20here.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fcisco-anyconnect%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fcisco-anyconnect%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fanyconnect-secure-mobility-client%2F215935-configure-asa-anyconnect-vpn-with-micros.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fanyconnect-secure-mobility-client%2F215935-configure-asa-anyconnect-vpn-with-micros.html%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2953596%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Enetworking%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20%26amp%3B%20Compliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2953700%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20integration%20with%20Cisco%20Anyconnect%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2953700%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1064811%22%20target%3D%22_blank%22%3E%40Hjorthen%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReading%20both%20articles%2C%20they%20both%20mention%20two%20types%20of%20subscriptions%20that%20are%20required%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EAn%20Azure%20AD%20subscription%3B%3C%2FLI%3E%3CLI%3EA%20Cisco%20AnyConnect%20subscription%20that%20has%20SSO%20enabled%20on%20it.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EI%20have%20zero%20idea%20about%20Cisco%20subscriptions%2C%20but%20for%20Azure%20AD%2C%20you%20could%20probably%20get%20through%20the%20testing%20phase%20with%20an%20Azure%20AD%20Basic%20(free)%20licence%20-%20if%20you%20don't%20already%20have%20that%20or%20better%20at%20your%20disposal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20testing%20is%20done%2C%20you%20most%20likely%20would%20want%20to%20look%20at%20the%20Azure%20AD%20P1%20subscription%2C%20but%20ultimately%20that's%20dependent%20on%20what%20you%20already%20have%20(if%20anything)%20and%20what%20you're%20looking%20to%20achieve.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20get%20an%20estimate%20using%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-au%2Fpricing%2Fdetails%2Factive-directory%2F%23pricing%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%3C%2FA%3E%20Microsoft%20licencing%20page%20(there's%20also%20a%20link%20to%20the%20pricing%20calculator%20on%20that%20page%2C%20too)%20but%20numerous%20sectors%20(such%20as%20education%2C%20charity%2C%20etc)%20are%20eligible%20for%20discounts%20meaning%20you'd%20want%20to%20get%20a%20final%20price%20from%20your%20account%20manager%20-%20if%20you%20have%20one.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi.

Can anyone here help me get some insights to the cost of integrating cisco anyconnect with Azure AD and using Azure for MFA in the same context?
Or if there even is a cost?

The documentation i'm referring to is linked below.
I have searched (alot) for an answer, but no luck, so now i'll try here.
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-anyconnect

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215935-configu...

1 Reply

@Hjorthen 

 

Reading both articles, they both mention two types of subscriptions that are required:

 

  1. An Azure AD subscription;
  2. A Cisco AnyConnect subscription that has SSO enabled on it.

I have zero idea about Cisco subscriptions, but for Azure AD, you could probably get through the testing phase with an Azure AD Basic (free) licence - if you don't already have that or better at your disposal.

 

One point to note here is that Azure AD Basic doesn't come with the ability to manage MFA in a per user basis. You can only make certain MFA configuration changes for the organisation as a whole. If the organisation is already on Azure AD Basic licencing then you might want to uplift your own licence to an Azure AD P1 licence so you can make more granular MFA and AAD changes using your account as the test bed. But this is something you'll have to figure out for yourself.

 

Once testing is done, you most likely would want to look at the Azure AD P1 subscription, but ultimately that's dependent on what you already have (if anything) and what you're looking to achieve.

 

You can get an estimate using this Microsoft licencing page (there's also a link to the pricing calculator on that page, too) but numerous sectors (such as education, charity, etc) are eligible for discounts meaning you'd want to get a final price from your account manager - if you have one.

 

If your organisation is already on Azure AD P1 or greater licencing, then it's quite likely you will not have to pay any extra in relation to the Azure AD subscription requirement. You'll just have to quantify the Cisco AnyConnect subscription cost.