topic Active Directory and Cisco Secure Access Integration in Cloud Security

Active Directory and Cisco Secure Access Integration

hadi123 — Fri, 20 Dec 2024 01:36:15 GMT

Is there a way to integrate Active Directory (Child Domain) to Cisco Secure Access without any involving any Enterprise Account?
Our setup with Cisco Secure Access and Active Directory integration using domain and AD connector, when installing AD connector where ad is installed it requires user credentials for the ad connector to have a successful connection but the credentials used for ad connector is not a member of "Enterprise Read-Only Domain Controllers". I think that's why it's causing the error because the user used is not a member of "Enterprise Read-Only Domain Controllers". But when I try to add the user to that member, the status is connected.

Re: Active Directory and Cisco Secure Access Integration

ccieexpert — Fri, 20 Dec 2024 18:27:51 GMT

Hello

the requirements are documented here. you need to have read and replicating directory change permissions.. there is no way around it to get the user to ip mapping information.

https://docs.sse.cisco.com/sse-user-guide/docs/prerequisites-for-ad-connectors#:~:text=You%20must%20configure%20a%20server,.

Assign Read and Replicating Directory Changes permissions.
Alternatively, you can make the AD Connector account a member of the built-in Enterprise Read-only Domain Controllers group, which will automatically assign these permissions.

The AD Connector does an initial synchronization of the AD structure to Secure Access. After this, it detects changes to the AD structure and communicates these changes only. The detection of changes requires the Replicating Directory Changes permission. The AD Connector cannot function without this permission.

Re: Active Directory and Cisco Secure Access Integration

hadi123 — Sat, 21 Dec 2024 14:18:33 GMT

Noted and thank you