Solved: Cisco ISE and Google Gsuite LDAP

giovanni.augusto · ‎07-23-2019

Hi Everyone,

I just read that Google Gsuite expose also an LDAPS connection, I would like to know if anyone had a chance to test it and eventually if it allows to retrieve Google identity attributes (groups, etc) with Cisco ISE.

I am considering the possibility of Wireless access via Google identity but traditionally Google identity attributes are not returned during oauth authentication and ISE SAML connector works only for web/guest portals, leaving out of the authorization portion (VLAN assignment, ACLs, etc) and I think that Google as LDAP may be used just like Active Directory.

hslai · ‎07-23-2019

As long as it LDAPv3 compliant, it should work with ISE. I have no access to an active G-Suite account so I can't test this.

Please note ISE not supporting MSCHAPv2 with LDAP stores; see Table 1 at Internal and External Identity Sources

View solution in original post

hslai · ‎07-23-2019

As long as it LDAPv3 compliant, it should work with ISE. I have no access to an active G-Suite account so I can't test this.

Please note ISE not supporting MSCHAPv2 with LDAP stores; see Table 1 at Internal and External Identity Sources

giovanni.augusto · ‎01-13-2021

Hi @hslai

Please allow me to revive this old topic.

I have now access to Google LDAPS and I am trying to integrate it with Cisco ISE version 3 patch #1.

I am facing an issue where it seems Google LDAPS requires a certificate for client authentication but I am unable to provide one with Cisco ISE GUI, do you know if this is a supported feature? In case yes I am happy to share detail about how it looks like.