AnyConnect has a command line interface; you could create a launch daemon that connects before login. You’ll need to provide a username and password in your script to connect:
/opt/cisco/anyconnect/bin/vpn -s connect [HOST_ADDRESS] <<"EOF"
I guess you could use something like DEPNotify and a script in an Enrollment Customization Configuration to prompt the user for name and password and then call the VPN binary with them to establish a VPN connection.
If you are looking to add the mobile profile to the account over VPN, I was able to do it by the following steps.
1. Connect to VPN
2. Join the machine to the domain
3. Enable Create mobile account at login (located under Directory Utility)
4. Use the below script to create a domain account for the user
   a. This will put the user account on the computer (leave the single quotes):
   sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -a $adminUsername -U $'adminPassword' -n $USERNAME
   b. This will cache the user's password so you can log in with them:
   dscacheutil -q user -a name $USERNAME
I found the instructions in this article: https://www.jamf.com/jamf-nation/discussions/35250/how-to-offline-add-a-domain-user-to-a-mac
Resurrecting this thread. Has anyone found a way to get this to work? Ideally, I would like the AnyConnect VPN GUI window to pop up at the login screen on a Mac, allowing the user the ability to establish a VPN connection before logging into the Mac. @c.kay referenced that we might be able to use a launch daemon to do this workflow; however, I have no experience with creating launch daemons. Thoughts?
A custom login window plug-in will need to be created to interface with the above login process. No such dialog controls exist. Cisco should be up on point to create this interface for macOS - they have the dev team and resources.