ISE integration with Azure AD

yurii.chornyi

Hi all! 

I have multiple problems using 802.1x authentication in my environment. We currently use Cisco WLC -> MS NPS -> Azure AD.

We're looking for the possibility to replace NPS with a brand new Cisco ISE.

Is it possible to use Azure AD as an external identity source for 802.1x?

Perhaps someone could provide a guide on how to configure such an interaction.

Accepted Solutions

Yes, this is possible. From ISE, you can use Azure AD by joining ISE to the domain
or adding it as an LDAP server. Both ways you can get the integration working
(there are limitations if you use it as LDAP). To join ISE to the domain, you
need to configure ISE with the domain DNS servers to resolve the domain to
Azure AD.

Microsoft has this: Configure secure LDAP for an Azure AD Domain Services managed domain
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

Our team has not officially tested this or more general AAD use cases for DOT1X auth. Please reach out to http://cs.co/ise-feedback for public access to the roadmap, or internally via http://cs.co/ise-pm

7 Replies

Hi,

Can you share the "how to integrate ISE with Azure AD as LDAP" document? Do we need an ISE interface which is publicly reachable by Azure?

Do we have any documentation on this topic, so how to integrate ISE with Azure AD for Cisco wireless authentication?

This advice is not correct. Azure AD is not Active Directory nor is it accessible via LDAP. I haven't run through the setup yet, but maybe you can try this - https://community.cisco.com/t5/security-documents/notes-on-azure-ad-as-saml-idp/ta-p/3644255

Hi!

Do you have a document available where it is stated that Azure AD works as an authentication source?

If I try to add an Azure AD LDAPS connection, ISE says that the socket is closed. Why?

And with ClearPass I can connect to Azure and use it for TACACS and admin authentication but not 802.1x authentication.

-Petri

Hi!

So you have a working environment with on-premises WLC, NPS and Azure AD?

Could you give me guidance on how you managed to do that? Can on-premises NPS use Azure as an authentication source? We have that same setup, and at this point it would be enough if we could authenticate against Azure AD.

How can I make a connection from NPS to Azure AD?

-Petri
