---
title: Overview of Cisco ASA for PingID MFA
description: This topic details the configuration required in your Cisco ASA VPN for integrating PingID multi-factor authentication (MFA).
component: pingid
page_id: pingid:pingid_integrations:pid_overview_cisco_asa_pid_mfa
canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_overview_cisco_asa_pid_mfa.html
revdate: January 27, 2024
section_ids:
  how-multi-factor-vpn-authentication-works: How Multi-Factor VPN Authentication Works
  processing-steps: Processing steps
---

# Overview of Cisco ASA for PingID MFA

This topic details the configuration required in your Cisco ASA VPN for integrating PingID multi-factor authentication (MFA).

## How Multi-Factor VPN Authentication Works

The following image represents a general flow. Actual configuration varies according to company infrastructure considerations and policies.

![A flowchart showing a general MFA request using Cisco ASA.](_images/vdu1564020860759.png)

## Processing steps

1. When a user opens either their IPSec or SSL VPN sign-on window and enters a username and password, their details are sent to the RADIUS Server on PingFederate through the VPN.

2. PingFederate authenticates the user's credentials against the LDAP Server as first-factor authentication.

3. After LDAP authentication approval, the RADIUS server initiates second-factor authentication with PingID. If authentication is denied, the user's VPN window displays an error message.