SMA SAML to Azure AD with Mobile Connect (Mac)
RedNet Enthusiast ✭✭
I have an SMA 500v with a portal for users that uses Azure AD (with MFA) SAML. Users connect to NetExtender by web browsing to the portal, being redirected to SAML auth, and auto-launching NetExtender.
I have one user on a Mac who needs to use Mobile Connect, but it looks like Mobile Connect won't work with the Azure AD SAML auth redirection.
Has anyone used the SMA portal with SAML via Azure AD (MFA) on a Mac?
Category: Secure Mobile Access Appliances
Just set this up today. Logging into an SMA 1000 appliance using Azure with MFA. Connecting through the portal page works fine. Using the Mobile Connect client, it doesn't even prompt for a username or password. It just says "Cannot find the network."
Does Connect Tunnel work? Not an option with the SMA 100 series, of course.
Same problem here.
Configured an SMA 500v with SAML authentication (Azure AD). NetExtender connects only if we connect through the web portal; otherwise, if we try to connect from within the NetExtender application using the profile automatically created there, we get the error "can not access appliance for security" or "initializing connection parameters... failed".
Has anybody been able to get it working? I can't have Always-on VPN enabled because of this, and it's annoying to have users log in through the web for every connection...
I had to go with an LDAP portal for the Mac and stand up a RADIUS server with the Azure MFA NPS plugin. 😒
My understanding (of SAML in general) is that the auth is redirected to M365 and the SAML auth token is generated by Azure (not the SMA), and the SMA/NetExtender picks it up from the user's browser session, so your "always on" will never work in the way I understand you want it to. But this is not an SMA problem; this is because you are using SAML to Azure for auth.
The browser always needs to get involved to redirect the login to Azure and get the token.
On other vendors the client VPN app will open the browser in a small browser window when the user authenticates; on the SMA I could only ever get it to work the other way round, by manually web browsing to the SMA portal page and letting the SMA connect agent open/launch NetExtender.
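To make the point in the reply above concrete, here is an added example (not code from this thread, SonicWall, or Microsoft) of the SP-initiated SAML 2.0 flow the appliance is performing. The entity ID, ACS URL and IdP SSO URL are hypothetical placeholders, and the IdP response is constructed and unsigned (a real SP must verify the XML signature against the IdP metadata certificate). The example shows why a VPN client that never runs the browser leg cannot log in: the service provider only accepts a Response whose InResponseTo matches an AuthnRequest it handed to a browser, and that Response only ever arrives via the browser's POST to the ACS.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints standing in for the SMA (SP) and Azure AD (IdP); not real URLs.
SP_ENTITY_ID = "https://sma.example.test/saml/metadata"
ACS_URL = "https://sma.example.test/saml/acs"
IDP_SSO_URL = "https://login.example.test/saml2"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TS = "%Y-%m-%dT%H:%M:%SZ"


def _now():
    return datetime.now(timezone.utc)


class ServiceProvider:
    """SP (appliance) side: issues AuthnRequests, consumes Responses at the ACS."""

    def __init__(self):
        # Request IDs the portal has handed to a browser. The ACS only accepts a
        # Response answering one of these; a client that never ran the browser
        # leg can never have an entry here.
        self.pending = {}

    def build_redirect(self, relay_state):
        """Start the browser leg: HTTP-Redirect binding to the IdP SSO URL."""
        req_id = "_" + uuid.uuid4().hex
        authn = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" '
                 f'xmlns:saml="{NS["saml"]}" ID="{req_id}" Version="2.0" '
                 f'IssueInstant="{_now().strftime(TS)}" '
                 f'AssertionConsumerServiceURL="{ACS_URL}">'
                 f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
        # Redirect binding = raw DEFLATE (no zlib header) + base64 in the query string.
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        deflated = comp.compress(authn.encode()) + comp.flush()
        self.pending[req_id] = relay_state
        query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                           "RelayState": relay_state})
        return req_id, f"{IDP_SSO_URL}?{query}"

    def consume_response(self, response_b64, now=None):
        """ACS: validate a Response the browser POSTed back; returns (session, reason)."""
        now = now or _now()
        root = ET.fromstring(base64.b64decode(response_b64))
        in_reply = root.get("InResponseTo")
        if in_reply not in self.pending:
            return None, "no pending AuthnRequest for InResponseTo"
        code = root.find("samlp:Status/samlp:StatusCode", NS)
        if code is None or not code.get("Value", "").endswith(":Success"):
            return None, "IdP did not report Success"
        assertion = root.find("saml:Assertion", NS)
        cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
        if cond is None:
            return None, "missing Assertion/Conditions"
        aud = cond.find("saml:AudienceRestriction/saml:Audience", NS)
        if aud is None or aud.text != SP_ENTITY_ID:
            return None, "audience mismatch"
        expiry = datetime.strptime(cond.get("NotOnOrAfter"), TS).replace(tzinfo=timezone.utc)
        if now >= expiry:
            return None, "assertion expired"
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        if name_id is None:
            return None, "missing NameID"
        # One-shot: a request ID can be answered only once (replay guard).
        relay = self.pending.pop(in_reply)
        return {"user": name_id.text, "relay_state": relay}, "ok"


def decode_saml_request(redirect_url):
    """Inverse of the Redirect binding, as the IdP does it; returns the AuthnRequest XML."""
    q = parse_qs(urlparse(redirect_url).query)
    return zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15).decode()


def fake_idp_response(in_response_to, name_id, audience=SP_ENTITY_ID, lifetime_s=300):
    """Constructed, UNSIGNED stand-in for what the IdP posts to the ACS via the browser.
    Signature verification against the IdP metadata certificate is omitted here."""
    not_after = (_now() + timedelta(seconds=lifetime_s)).strftime(TS)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="_{uuid.uuid4().hex}" Version="2.0" InResponseTo="{in_response_to}" '
           f'Destination="{ACS_URL}">'
           '<samlp:Status><samlp:StatusCode '
           'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
           f'<saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0">'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
           f'<saml:Conditions NotOnOrAfter="{not_after}"><saml:AudienceRestriction>'
           f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
           '</saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    sp = ServiceProvider()
    req_id, url = sp.build_redirect("launch-netextender")   # browser leg starts here
    print("IdP decodes:", decode_saml_request(url)[:70], "...")
    print(sp.consume_response(fake_idp_response(req_id, "alice@example.test")))
    # A client that skipped the browser leg has no request the IdP could answer:
    print(sp.consume_response(fake_idp_response("_never-issued", "alice@example.test")))
```

The second call in the `__main__` block is the Mobile Connect/NetExtender-profile situation from this thread: there is no pending request, because nothing opened a browser to the portal, so the ACS has nothing to match against and the login fails before a username is ever asked for.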
I have set up this scenario with NPS and Azure MFA plugin.
Logging into the portal works with MFA.
NetExtender and the Mobile Connect client don't.
Any tips for me? Which firmware on the SMA and which version of NetExtender or Mobile Connect do you use?