topic Re: how can cisco ise integrate with windows server ? in Network Access Control

how can cisco ise integrate with windows server ?

jewfcb001 — Tue, 12 May 2020 06:49:42 GMT

how can cisco ise integrate with windows server for windows login and use 2 factor authen via cisco ise ?

Re: how can cisco ise integrate with windows server ?

jewfcb001 — Tue, 12 May 2020 07:38:18 GMT

Update
how can Remote desktop authentication with Cisco ISE ?

Re: how can cisco ise integrate with windows server ?

Arne Bier — Tue, 12 May 2020 08:13:30 GMT

Let's turn that question around and ask, does Windows Server have any reason to use RADIUS for anything? I don't believe it has a RADIUS interface for any kind of authentication. If it does, then any RADIUS server can be used.

Re: how can cisco ise integrate with windows server ?

jewfcb001 — Tue, 12 May 2020 08:23:48 GMT

Thank you for answer .

I found some post about Remote desktop authentication via cisco ise but I confused about this function .

Can you explain for more detail ?

Re: how can cisco ise integrate with windows server ?

Arne Bier — Tue, 12 May 2020 10:26:29 GMT

Perhaps you can share the link that you are referring to.

A quick google search reveals that there is an RD Gateway that allows remote users to access the RDP services and this is coupled with a second factor authentication. That's where the RADIUS integration comes in. I don't fully understand it myself - but it seems that the MFA setup makes a RADIUS request to the RADIUS server (NPS/ISE whatever) and the RADIUS server has to authenticate the MFA request. If successful, then the MFA sends the SMS or notification to the user's mobile device. I don't believe it requires any specific ISE functionality. Microsoft have documented all the gory details here and they mention their own NPS server in the document - but I reckon ISE could also do the job.

Re: how can cisco ise integrate with windows server ?

thomas — Tue, 12 May 2020 21:57:42 GMT

I don't understand the exact scenario you are asking about since you were not detailed in your question.

1) Can ISE integrate with Windows Server: This is a general AD integration question. Yes, it if is an Active Directory domain controller, ISE can join the domain to use AD as an Identity Store/server for authenticating users.

2) Can cisco ise integrate with windows server for windows login: This sounds like a user login/network access control question using 802.1X and RADIUS. ISE will only authenticate domain computer or domain servers if 802.1X is enabled. This is extremely rare for servers since they are usually remotely managed and Windows RDP doesn't generate an 802.1X Login event.

3) Windows login and use 2 factor authen via cisco ise: ISE can authenticate a user doing a Windows login using 802.1X against Windows Active Directory if you configure the Windows wired supplicant (Wired AutoConfig Service). However 2 factor authentication with 802.1X is not currently possible.

4) use 2 factor authen via cisco ise: if 2 factor is the most important thing, you may use 2 factor authentication using a Self-Registered Guest web portal in ISE with a SAML Identity Provider that offers 2FA/MFA.

Re: how can cisco ise integrate with windows server ?

jewfcb001 — Thu, 14 May 2020 11:13:51 GMT

@thomas

Thank you for your information . I already update to the customer . I recommend they . They can choose Cisco DUO or Google Authenticator etc .. I think it's the best way for this solution.