cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1901
Views
0
Helpful
6
Replies
Contributor

ISE Integration - Azure MFA (Cloud Only Deployment)

Looking into an Azure MFA Cloud deployment and there seems to be some specific NPS server requirements if we want to leverage the solution, at least according to Microsoft.

Documentation:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

We already have an enterprise solution for RADIUS (ISE), scaling out another set of servers/infrastructure for this simple purpose is undesirable. Has anyone deployed this using ISE (not sure that's possible)? Is the PD team working with Microsoft PD to provide a solution using ISE?

Everyone's tags (2)
6 REPLIES 6
Cisco Employee

Re: ISE Integration - Azure MFA (Cloud Only Deployment)

Please take a look at this post

ISE using Azure MFA and AD

- Krish

Cisco Employee

Re: ISE Integration - Azure MFA (Cloud Only Deployment)

One more post on the same topic.

ISE Authentication to Azure MFA - RADIUS PAP Only?

- Krish

Contributor

Re: ISE Integration - Azure MFA (Cloud Only Deployment)

Thanks Krish, these cover what Microsoft terms Hybrid MFA deployment requiring an MFA server on premise. For Cloud MFA, that's where the NPS servers come in. Any chance to get the ISE team to talk with Microsoft to see what would be required to get the NPS capability into ISE?

Cisco Employee

Re: ISE Integration - Azure MFA (Cloud Only Deployment)

Thanks a lot for your post. I will relay your inquiry to our product management team. Please note that ISE not currently supporting multiple authentications other than EAP chaining and CWA chaining.

Contributor

Re: ISE Integration - Azure MFA (Cloud Only Deployment)

This seems more of a RADIUS proxy configuration, but there also seems to be some https calls that are exchanged as well, perhaps for azure account verification? MS would need to fill in the blanks. Thanks for passing it along.

Highlighted
Cisco Employee

Re: ISE Integration - Azure MFA (Cloud Only Deployment)

.