Overview of Cisco ASA for PingID MFA

This procedure details the configuration required on your Cisco ASA VPN to integrate PingID multi-factor authentication (MFA).

Prerequisites

This procedure assumes that you have already configured the necessary settings in PingOne and PingFederate.

How Multi-Factor VPN Authentication Works

The following is a general flow. The actual configuration varies according to your company's infrastructure considerations and policies.

  1. When a user opens their VPN login window (IPSec or SSL VPN) and enters a username and password, their details are sent to the RADIUS Server on PingFederate via the VPN.
  2. PingFederate authenticates the user’s credentials against the LDAP Server as a first-factor authentication.
  3. Upon LDAP authentication approval, the RADIUS server initiates a second authentication with PingID. If authentication is denied, an error occurs and a message is displayed in the user’s VPN window.
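The three steps above, sketched as an RFC 2865 RADIUS exchange between the VPN gateway and the RADIUS server. This is an added example, not Cisco or Ping Identity code. The shared secret, the directory contents, the `second_factor` callback standing in for PingID, and the use of a Reply-Message attribute to carry the error text are constructed assumptions.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"      # constructed; shared by VPN gateway and RADIUS server
DIRECTORY = {"alice": b"correct horse"}    # constructed stand-in for the LDAP directory
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18       # RFC 2865 attribute types
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes

def crypt_password(data, authenticator, decrypt=False):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block).
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(SECRET + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out, prev = out + block, (data[i:i + 16] if decrypt else block)
    return out

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def parse_attrs(blob):
    attrs = {}
    while blob:
        if len(blob) < 2 or not 2 <= blob[1] <= len(blob):
            raise ValueError("malformed attribute")
        attrs[blob[0]] = blob[2:blob[1]]
        blob = blob[blob[1]:]
    return attrs

def build_request(user, password, ident=1):   # step 1: gateway sends the login to RADIUS
    auth, pw = os.urandom(16), password.encode()
    pw = pw.ljust(max(16, (len(pw) + 15) // 16 * 16), b"\0")
    body = attr(USER_NAME, user.encode()) + attr(USER_PASSWORD, crypt_password(pw, auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + auth + body

def server_handle(request, second_factor):    # steps 2 and 3: first factor, then second
    req_auth, attrs = request[4:20], parse_attrs(request[20:])
    user = attrs[USER_NAME].decode()
    pw = crypt_password(attrs[USER_PASSWORD], req_auth, decrypt=True).rstrip(b"\0")
    first_ok = user in DIRECTORY and hmac.compare_digest(DIRECTORY[user], pw)
    msg = b"Invalid credentials" if not first_ok else (
        b"" if second_factor(user) else b"Second factor denied")
    body = attr(REPLY_MESSAGE, msg) if msg else b""
    head = struct.pack("!BBH", ACCESS_REJECT if msg else ACCESS_ACCEPT, request[1], 20 + len(body))
    return head + hashlib.md5(head + req_auth + body + SECRET).digest() + body

def client_verify(response, request):         # gateway checks the Response Authenticator
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + SECRET).digest()
    if response[1] != request[1] or not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("response authenticator mismatch")
    return response[0], parse_attrs(response[20:]).get(REPLY_MESSAGE, b"").decode()
```

The second factor is only attempted after the directory check passes, and the gateway acts on a verdict only when the Response Authenticator matches the shared secret.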