topic Re: Discovered Identities in FMC in Network Security

Discovered Identities in FMC

Steven van Jaarsveld — Thu, 08 Sep 2022 08:12:59 GMT

Hello Experts

I have a customer that has a Firepower Deployment and we have integrated into ISE using PXGrid. We have also created an AD Realm and integrated this via LDAP.

VPN authentication is making use of a Certificate and when a user logs on or off we can see the User Activity in the FMC under the User Activity but this is mapped to Discovered Identity instead of the AD Realm. We have tried multiple options in the certificate to try and match it against the AD Realm but this doesn't work. If we change the VPN Authentication type to AAA-only or AAA & Certificate then the user is correctly mapped to the AD Realm. The client does not want to make this change on the VPN as he does not want the users to have to enter credentials when accessing the VPN.

This is impacting the Passive Identity Policy assigned to the Access-Control Policy. We are able to select the relevant AD Group in the rules that are required to have this set but the users never match the rule because of the Discovered Identity match

Anyone have any ideas how to resolve this?

Re: Discovered Identities in FMC

Rob Ingram — Thu, 08 Sep 2022 08:31:35 GMT

@Steven van Jaarsveld I haven't had this exact requirement before....how about still using certificate authentication but send authorisation only to ISE? This would send the username extracted from the certificate, ISE would perform an AD lookup of the username and authorise the user. This would create a session in ISE, which is forwarded to the FMC/FTD.

Re: Discovered Identities in FMC

alirafaleiro — Thu, 29 Sep 2022 08:29:29 GMT

The Cisco Secure Firewall Management Center (FMC) is your administrative nerve center for managing critical Cisco network security solutions.

https://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-736775.html

Re: Discovered Identities in FMC

NA-School — Mon, 20 Nov 2023 22:34:26 GMT

Did you ever find a resolution to this?

Re: Discovered Identities in FMC

t1m1 — Thu, 03 Jul 2025 09:35:26 GMT

Any update here.
I have the same issue with cdFMC. SAML Authentication is working fine but nor realm is discoverd for the user session.
A SAML Relam is configured in FMC and also an LDAP realm. Authorisation with LDAP has been tested too, but it still won't link the realm to the user.

Has somebody find a solution

Re: Discovered Identities in FMC

MHM Cisco World — Thu, 03 Jul 2025 10:31:53 GMT

Make new post please

MHM