Cisco AnyConnect VPN has a new feature called Start Before Login (SBL), also known as the “GINA” Module. This feature will allow you to login to the VPN before signing into your workstation (e.g., before it displays the desktop on your Domain-Joined Windows 10 device). Use this feature when:
-
- You are remote (I.e., not on campus using a campus network connection) and have never previously signed into a domain-joined workstation.
- You reset your password while not signed on to a campus network connection
- When you wish to have updated workstation policies applied while not using a campus network connection.
|
Please Note: The SBL/GINA Module and the Cisco Anyconnect Client Agent versions need to match exactly for it to function properly. Please ensure clean installation of both modules as a primary Troubleshooting step. |
Download or Install Cisco AnyConnect Secure Mobility Client with SBL/Gina Enabled
The best way to get the Start Before Login (SBL) software installed is from Software Center. The application will automatically install or upgrade existing Cisco AnyConnect components to the latest available version.
From a computer (Windows 10 or later) issued by UCF , you can access the Software Center (a catalog of applications you can install yourself) by clicking the start menu and typing in “software center”. You can search for the Cisco AnyConnect Client from Software Center.
- Opened the Software Center by clicking the windows start menu and search for “Software Center”, in the Software Center Application search for the Cisco AnyConnect and click on install to install the software (see picture below).
-
- NOTE: If you do not have access to the application in Software Center, please use the following information to contact the UCF Service Desk for assistance.
UCF Service Desk:
-
-
- Phone: 407.823.5117
- Email: itsupport@ucf.edu
- Hours: Monday to Friday, 7 a.m. to 10 p.m.
- Website: it.ucf.edu
-
· Open Software center and search using keyword “Cisco” or “Anyconnect” and click Install
Please Note: The Software will need to be made available in the Software Center to a particular zone/area before it will be visible in Software Center. Please contact the Endpoint Engineering Services (UCFTeam-UCFIT-EndpointEngineeringServices@groups.ucf.edu) for assistance on deployments if needed.
How to Use Cisco AnyConnect Mobility Client “Start Before Logon” feature from the User’s login screen:
-
- Enter username: Your NID
- Enter password: Your NID Password
- The Multifactor Authentication (MFA) challenge will be prompted:
- Note: Only DUO push or Call me is supported. We recommend using the Duo Mobile App (available from Apple or Google app stores) for the best experience. Please follow the instructions below to get started.
- Enroll your mobile device: https://guide.duo.com/enrollment
- iPhone Device: https://guide.duo.com/iphone
- Android Device: https://guide.duo.com/android
Note: YubiKey is not supported
How to Use the AnyConnect Mobility Client from the login screen
Using the VPN at the User’s login screen is completely optional. To use the module from the login screen please refer to the steps below.
- Clicking on the new network icon from the User’s login screen appeared to the left of the built-in Windows network status icon as shown in the screenshot below.
2. Enter the VPN URL (secure.vpn.ucf.edu) if isn’t prepopulated and click connect
3. Choose “UCF_StartBeforeLogon” from the group dropdown menu and enter your NID username and NID Password and approve your DUO challenge.
(Duo Push is recommended)
4. Accept UCF System User Agreement to be connected to the VPN.
5. Once the VPN connection has been established, Login to the computer with your NID username and password.
Please note: Some endpoints have restrictions on which accounts can be utilized to login interactively. The account used to connect the VPN session DOES NOT need to be the same as the one being utilized to login to the desktop.