https://community.cisco.com/t5/web-security/integrating-on-prem-cisco-wsa-s395-with-microsoft-entra-id/m-p/5349768#M11596 <DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>You can’t directly integrate an on-prem Cisco WSA S395 with Microsoft Entra ID for authentication because WSA doesn’t support Entra ID as a native identity provider. Instead, you typically use one of these workarounds:</P><OL><LI><P>Sync on-prem AD to Entra ID (via Entra Connect) and keep WSA pointed at on-prem AD/LDAP or Kerberos/NTLM for user auth.</P></LI><LI><P>Use Cisco ISE or another identity proxy that can consume Entra ID signals and pass group/user info to WSA.</P></LI><LI><P>For cloud-based identity-aware web filtering, consider Cisco Secure Web Appliance with Umbrella or move to Umbrella SIG, which integrates natively with Entra ID.</P></LI></OL><P>In short: No direct Entra ID auth on WSA—use AD/ISE, or move to a cloud solution that supports Entra ID.</P></DIV></DIV></DIV></DIV><DIV class="">&nbsp;</DIV> Tue, 25 Nov 2025 10:23:03 GMT jameswood32 2025-11-25T10:23:03Z https://community.cisco.com/t5/web-security/integrating-on-prem-cisco-wsa-s395-with-microsoft-entra-id/m-p/5349763#M11595 <P><STRONG>Hello,</STRONG></P><P>I would like to integrate our on-prem WSA S395 with Entra ID to manage admin logins both on the GUI and via CLI. Unfortunately, I can only find documentation online for the ESA, which refers to the menu item <STRONG>“System Administration &gt; SAML”</STRONG>, but this option does not exist on the WSA.</P><P>Can anyone tell me if this is even possible or where I can find documentation for it?</P> Tue, 25 Nov 2025 09:38:01 GMT https://community.cisco.com/t5/web-security/integrating-on-prem-cisco-wsa-s395-with-microsoft-entra-id/m-p/5349763#M11595 Jens.Wall1 2025-11-25T09:38:01Z https://community.cisco.com/t5/web-security/integrating-on-prem-cisco-wsa-s395-with-microsoft-entra-id/m-p/5349768#M11596 <DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>You can’t directly integrate an on-prem Cisco WSA S395 with Microsoft Entra ID for authentication because WSA doesn’t support Entra ID as a native identity provider. Instead, you typically use one of these workarounds:</P><OL><LI><P>Sync on-prem AD to Entra ID (via Entra Connect) and keep WSA pointed at on-prem AD/LDAP or Kerberos/NTLM for user auth.</P></LI><LI><P>Use Cisco ISE or another identity proxy that can consume Entra ID signals and pass group/user info to WSA.</P></LI><LI><P>For cloud-based identity-aware web filtering, consider Cisco Secure Web Appliance with Umbrella or move to Umbrella SIG, which integrates natively with Entra ID.</P></LI></OL><P>In short: No direct Entra ID auth on WSA—use AD/ISE, or move to a cloud solution that supports Entra ID.</P></DIV></DIV></DIV></DIV><DIV class="">&nbsp;</DIV> Tue, 25 Nov 2025 10:23:03 GMT https://community.cisco.com/t5/web-security/integrating-on-prem-cisco-wsa-s395-with-microsoft-entra-id/m-p/5349768#M11596 jameswood32 2025-11-25T10:23:03Z https://community.cisco.com/t5/web-security/integrating-on-prem-cisco-wsa-s395-with-microsoft-entra-id/m-p/5350051#M11597 <P>what is the code running on WSA ?</P> <P>check enhancement :</P> <P><A href="https://bst.cisco.com/quickview/bug/CSCwk69930" target="_blank">https://bst.cisco.com/quickview/bug/CSCwk69930</A></P> <P>other option if you have ISE :</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance-virtual/221634-configure-swa-second-factor-authenticati.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance-virtual/221634-configure-swa-second-factor-authenticati.html</A></P> Wed, 26 Nov 2025 07:40:30 GMT https://community.cisco.com/t5/web-security/integrating-on-prem-cisco-wsa-s395-with-microsoft-entra-id/m-p/5350051#M11597 balaji.bandi 2025-11-26T07:40:30Z