Configuring SAML and MFA on Cisco Firepower 1120
Overview
Setting up SAML authentication with MFA on a Cisco Firepower 1120 for VPN access is essential for modern security requirements. Microsoft’s documentation provides a good starting point, but it’s missing critical CLI configuration commands for the Firepower side.
This guide fills in those gaps and documents the lessons learned during implementation.
Prerequisites
- Cisco Firepower 1120 with appropriate licensing and AnyConnect
- Azure AD (Microsoft Entra ID) tenant with administrative access
- Access to Firepower via ASDM or CLI
- Your Firepower VPN’s public FQDN and SSL certificate configured
Configuration Steps
Step 1: Create the Enterprise Application in Azure
Follow Microsoft’s guide to create the Cisco Secure Firewall app in Azure AD: