I'm wondering if its still possible for individual users to install the AnyConnect client by authenticating via a web browser and let the web browser initiate the install even if the device that the user connects to is running in anyconnect essentials mode?
Also, a bonus question: If there are several tunnel groups and I want the user to know the tunnel group name in order to connect (because I don't want to display what tunnel groups are available), can I force the user to access a specific URL in order to connect to that specific tunnel group? I have done this with the premium version of the AnyConnect VPN in my lab, but does it still work for essentials? And what happens if the user starts the AnyConnect client and connects without using the web browser to initiate the VPN session? Will the AnyConnect client remember what tunnel group was used last to that specific device or do I have to show what tunnel groups are available in the AnyConnect client in order to let the user connect to that specific tunnel group again?
You can continue to web launch AnyConnect with the Essentials license installed. In order to direct users to a particular tunnel group without using an alias and drop down, you can configure group URLs. For example, you have a tunnel group called employee and another called contractor. With group URLs, users can access the respective web portal by entering https://vpn.test.com/employee or https://vpn.test.com/contractor. For users who have the AnyConnect client already installed, you can either put the group url above in the connect to box or you can configure a hostname and host address using a profile.