https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-guest-portal-azure-disable-mfa/m-p/4617467#M574954 <P>Hi Greg,</P> <P>So if we want to disable or enable the MFA we should upgrade to ISE 3.0 as the Cisco Deck provide?</P> <P>&nbsp;</P> <P>Yeah sure we want to upgrade but ISE 3.0 licensing is different. Thanks for remind.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 25 May 2022 11:14:58 GMT iman.yuliarto 2022-05-25T11:14:58Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-guest-portal-azure-disable-mfa/m-p/4616266#M574932 <P>Hi Guys,</P> <P>&nbsp;</P> <P>We have an issue with Cisco ISE 2.4.0.357 patch 13 + wireless Guest portal to Azure with SAML, the configuration was work properly until last week.</P> <P>We have changes at last month to enable MFA on all azure authentication, but the issue just appears last week.</P> <P>&nbsp;</P> <P>the issue is :<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="bf285612-b6ce-4852-ac73-d179d69e43cc.jpeg" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/151844iDB4CE80DDAA50BFC/image-size/large?v=v2&amp;px=999" role="button" title="bf285612-b6ce-4852-ac73-d179d69e43cc.jpeg" alt="bf285612-b6ce-4852-ac73-d179d69e43cc.jpeg" /></span></P> <DIV id="tinyMceEditorimanyuliarto_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>after we try to research this, we found the link</P> <P><A href="https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts75011-auth-method-mismatch" target="_self">https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts75011-auth-method-mismatch</A>&nbsp;</P> <P>also this cisco live pdf at page 32 <A href="https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/documents-securite/9/1/Webcast_ISE_Pujol_mar09_2021.pdf" target="_self">https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/documents-securite/9/1/Webcast_ISE_Pujol_mar09_2021.pdf</A>&nbsp;</P> <P>&nbsp;</P> <P>but we can't find on the ISE how to modify SAML Header request to Azure. we need to remove <CODE>RequestedAuthnContext</CODE> as suggested by Microsoft and Cisco</P> <P>&nbsp;</P> <P>We want to disable Azure MFA only for Cisco ISE communication.</P> <P>did anyone have face this issue?</P> <P>&nbsp;</P> <P>Thanks for help</P> <P>&nbsp;</P> Tue, 24 May 2022 10:26:12 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-guest-portal-azure-disable-mfa/m-p/4616266#M574932 iman.yuliarto 2022-05-24T10:26:12Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-guest-portal-azure-disable-mfa/m-p/4616857#M574944 <P>The Cisco deck you shared specifically references ISE version 3.0. This is an enhancement that would not be present in your current version of ISE 2.4. You will need to upgrade your ISE deployment to take advantage of this feature enhancement.</P> <P>You should also be aware that <A href="https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-743964.html" target="_blank" rel="noopener">ISE version 2.4 reaches End of Support in Dec 2022</A>.</P> Tue, 24 May 2022 23:00:57 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-guest-portal-azure-disable-mfa/m-p/4616857#M574944 Greg Gibbs 2022-05-24T23:00:57Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-guest-portal-azure-disable-mfa/m-p/4617467#M574954 <P>Hi Greg,</P> <P>So if we want to disable or enable the MFA we should upgrade to ISE 3.0 as the Cisco Deck provide?</P> <P>&nbsp;</P> <P>Yeah sure we want to upgrade but ISE 3.0 licensing is different. Thanks for remind.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 25 May 2022 11:14:58 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-4-guest-portal-azure-disable-mfa/m-p/4617467#M574954 iman.yuliarto 2022-05-25T11:14:58Z