https://community.cisco.com/t5/network-security/ise-machine-authentication/m-p/2916079#M911840 <P>Hi</P> <P>you can do in 2 common ways:</P> <P>- by checking machine certificates pushed on machines by Active Directory</P> <P>- by checking the machine itself if it is member of the AD group "computers"</P> <P>on ISE side, those 2 ways would be your authorization conditions:</P> <P>- for AD groupmembership, the condition for your authentication&nbsp;rule would be : (the simplest way and rule). (dot1x with Ad Group membership as source validation)</P> <P><EM><STRONG>Ad.domain:externalgroups EQUAL ad.domain/Users/Domain Computers</STRONG></EM></P> <P><STRONG></STRONG><EM></EM><EM></EM>- For certificate authenticatio, you need to create a certificate template and use it validate your machine (dot1x with certificate template as source validation)</P> <P>Is it more clear?</P> <P>Thanks</P> <P>PS: Please don't forget to rate and mark as correct answer if this solved your issue&nbsp;</P> Mon, 27 Jun 2016 22:52:30 GMT Francesco Molino 2016-06-27T22:52:30Z https://community.cisco.com/t5/network-security/ise-machine-authentication/m-p/2916078#M911837 <P>How to do machine authentication?</P> Fri, 21 Feb 2020 13:51:25 GMT https://community.cisco.com/t5/network-security/ise-machine-authentication/m-p/2916078#M911837 miras 2020-02-21T13:51:25Z https://community.cisco.com/t5/network-security/ise-machine-authentication/m-p/2916079#M911840 <P>Hi</P> <P>you can do in 2 common ways:</P> <P>- by checking machine certificates pushed on machines by Active Directory</P> <P>- by checking the machine itself if it is member of the AD group "computers"</P> <P>on ISE side, those 2 ways would be your authorization conditions:</P> <P>- for AD groupmembership, the condition for your authentication&nbsp;rule would be : (the simplest way and rule). (dot1x with Ad Group membership as source validation)</P> <P><EM><STRONG>Ad.domain:externalgroups EQUAL ad.domain/Users/Domain Computers</STRONG></EM></P> <P><STRONG></STRONG><EM></EM><EM></EM>- For certificate authenticatio, you need to create a certificate template and use it validate your machine (dot1x with certificate template as source validation)</P> <P>Is it more clear?</P> <P>Thanks</P> <P>PS: Please don't forget to rate and mark as correct answer if this solved your issue&nbsp;</P> Mon, 27 Jun 2016 22:52:30 GMT https://community.cisco.com/t5/network-security/ise-machine-authentication/m-p/2916079#M911840 Francesco Molino 2016-06-27T22:52:30Z https://community.cisco.com/t5/network-security/ise-machine-authentication/m-p/2916080#M911847 <P>Hi there, are you interested in doing machine authentication only or doing EAP-Chaining that you have listed in your screen shot?</P> <P>If you want to see how EAP-Chaining is configured for both machine and user authentication I would suggest watching this video. It is older and references and older version of ISE but it is still good:</P> <P><A href="http://www.labminutes.com/sec0049_ise_1_1_user_machine_authentication_eap_chaining_part_2">http://www.labminutes.com/sec0049_ise_1_1_user_machine_authentication_eap_chaining_part_2</A></P> <P>I hope this helps!</P> <P><EM>Thank you for rating helpful posts!</EM></P> Sat, 02 Jul 2016 14:23:50 GMT https://community.cisco.com/t5/network-security/ise-machine-authentication/m-p/2916080#M911847 nspasov 2016-07-02T14:23:50Z