https://community.cisco.com/t5/network-access-control/eap-chaining-with-eap-tls/m-p/3227219#M554321 <P>Hello...re-deploying 802.1x within a network with high security requirements. Fully functional PKI deployment is already out that issues both user and machine certificates. Also using Cisco NAM 4.5 as supplicant and ISE 2.2 as RADIUS server.</P> <P>&nbsp;</P> <P>Setting up EAP-TLS for machine authentication is very easy to do. User authentication not so much. When setting up the new profile in Network Access Manager and I get to the "Credentials" tab of the network setup, I am prompted to "Use Single Sign On Credentials" or "Prompt for Credentials". We do not use Smart Cards so I cannot use the SSO Creds but I want to provide my end uses with the SSO experience and not have them have to select a certificate to use for authentication.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 668px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/4334iDAF9EC4A433A6FE1/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P> <P>&nbsp;</P> <P>Any help would be appreciated.</P> Fri, 21 Feb 2020 18:40:53 GMT Daryl Clark 2020-02-21T18:40:53Z https://community.cisco.com/t5/network-access-control/eap-chaining-with-eap-tls/m-p/3227219#M554321 <P>Hello...re-deploying 802.1x within a network with high security requirements. Fully functional PKI deployment is already out that issues both user and machine certificates. Also using Cisco NAM 4.5 as supplicant and ISE 2.2 as RADIUS server.</P> <P>&nbsp;</P> <P>Setting up EAP-TLS for machine authentication is very easy to do. User authentication not so much. When setting up the new profile in Network Access Manager and I get to the "Credentials" tab of the network setup, I am prompted to "Use Single Sign On Credentials" or "Prompt for Credentials". We do not use Smart Cards so I cannot use the SSO Creds but I want to provide my end uses with the SSO experience and not have them have to select a certificate to use for authentication.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 668px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/4334iDAF9EC4A433A6FE1/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P> <P>&nbsp;</P> <P>Any help would be appreciated.</P> Fri, 21 Feb 2020 18:40:53 GMT https://community.cisco.com/t5/network-access-control/eap-chaining-with-eap-tls/m-p/3227219#M554321 Daryl Clark 2020-02-21T18:40:53Z https://community.cisco.com/t5/network-access-control/eap-chaining-with-eap-tls/m-p/3227347#M554322 <P>Hi Daryl,</P> <P><BR />Under User Credentials select - Prompt for Credentials &gt; Remember while user is logged on. Then under Certificate sources ensure "Smart card or OS certificates" is selected. I've used this configuration and machine/user authentication is transparent to the user.</P> <P>&nbsp;</P> <P>HTH</P> Tue, 05 Dec 2017 19:13:46 GMT https://community.cisco.com/t5/network-access-control/eap-chaining-with-eap-tls/m-p/3227347#M554322 Rob Ingram 2017-12-05T19:13:46Z