cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1053
Views
0
Helpful
5
Replies
Highlighted
Beginner

ISE integration with Azure AD

Hi all! 

I have multiple problems using 802.1x authentication in my environment. Wu currently use cisco wlc -> MS NPS -> Azure AD

We're looking for possibility to replace NPS with brand new Cisco ISE.

Is it possible to use Azure AD as external identity source for 802.1x? 

Probably someone could provide guide how to configure such interaction.

Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Advisor

Re: ISE integration with Azure AD

Yes, this possible. From ISE, you are can Azure AD by joining ISE to domain
or adding it as LDAP server. Both ways you can get the integration working
(there are limitation if you use it as LDAP). To join ISE to domain, you
need to configure ISE with domain DNS servers to resolve the domain to
azure AD.
Cisco Employee

Re: ISE integration with Azure AD

Microsoft has this Configure secure LDAP for an Azure AD Domain Services managed domain
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

Our team has not officially tested this or more general AAD use cases for DOT1X auth. please reach out to http://cs.co/ise-feedback for public access to roadmap or internally via http://cs.co/ise-pm
5 REPLIES 5
VIP Advisor

Re: ISE integration with Azure AD

Yes, this possible. From ISE, you are can Azure AD by joining ISE to domain
or adding it as LDAP server. Both ways you can get the integration working
(there are limitation if you use it as LDAP). To join ISE to domain, you
need to configure ISE with domain DNS servers to resolve the domain to
azure AD.
Beginner

Re: ISE integration with Azure AD

Hi,

Can you share  the "how to integrate ISE with Azure AD  as LDAP"  document.   do we need an ISE interface which is Publicly reachable by Azure ?

Cisco Employee

Re: ISE integration with Azure AD

Do we have any documentation on this topic, so how to integrate ISE with Azure AD for Cisco wireless authentication?

Cisco Employee

Re: ISE integration with Azure AD

Microsoft has this Configure secure LDAP for an Azure AD Domain Services managed domain
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

Our team has not officially tested this or more general AAD use cases for DOT1X auth. please reach out to http://cs.co/ise-feedback for public access to roadmap or internally via http://cs.co/ise-pm

Re: ISE integration with Azure AD

Hi!

So you have working environment with on premise WLC, NPS and Azure AD?

Could you give me guidance how you can manage to do that? On premise NPS can use azure as authentication source? We have that same setup and at this point is would be enought if we can autenticate against Azure AD. 

 

How can i make connection from NPS to Azure AD?

 

-Petri