ISE MDM WLAN 802.1x EAP-TTLS: validate server cert only + MDM compliancy status

Hi,

I have the following question and situation. I have computers connected to Microsoft Azure AD only, not locally domain joined.

These devices are registered in Intune.

I would like to grant access to the Wi-Fi if the device is compliant in Intune, and maybe check the ISE certificate only.

I do not want to use client or computer certificates.

I am using a Cisco WLC.

Is this possible, or will I always need a client or computer certificate?
Where do I need to look? I read that with EAP-TTLS no client certificate is required, but I think you still need a username and password.

How to best approach this?

1 Reply

Arne Bier
VIP

If you are not using client certificates, then what authentication method are you using to identify the clients to ISE? Username and password? If so, then you won't be able to look up/verify those credentials against AzureAD.

If using a public AD like AzureAD, your only option is to use client certificates, and you can use Secure LDAP to AzureAD to allow ISE to pull the AD groups for the username specified in the certificate - that will allow you some flexibility in the AuthZ creation.

The Intune integration is pretty well supported as far as I know. That part should be doable.
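As an added illustration (not part of the thread, and not Cisco or Microsoft reference material) of what the reply's "client certificates plus server validation" setup looks like from the supplicant side, here is a wpa_supplicant network block for EAP-TLS. The SSID, identity, file paths and the ISE server name are assumed placeholders; the point is that the supplicant presents a device certificate (for example one enrolled through Intune) and only trusts an EAP server whose certificate chains to the expected CA and carries the expected name, which is the "validate the ISE certificate" part of the original question. The `ca_cert` and `domain_match` lines are equally relevant to EAP-TTLS/PEAP deployments, since a supplicant that skips server validation will hand its credentials to any access point advertising the same SSID.

```conf
# Added example wpa_supplicant.conf network block (assumed names and paths).
# EAP-TLS: device authenticates with a certificate, and the ISE EAP server
# certificate is validated against a pinned CA and expected hostname.
network={
    ssid="CORP-WIFI"                                  # assumed SSID
    key_mgmt=WPA-EAP
    eap=TLS
    identity="device01@example.com"                   # assumed identity; matched to the cert by ISE

    # Device (client) certificate and key, e.g. issued via an Intune SCEP/PKCS profile
    client_cert="/etc/wpa_supplicant/device01.crt"
    private_key="/etc/wpa_supplicant/device01.key"

    # Server-side validation: trust only the CA that issued the ISE EAP certificate,
    # and require the certificate's subject/SAN to match the ISE node name.
    # Omitting these is the classic "rogue AP harvests credentials" weakness.
    ca_cert="/etc/wpa_supplicant/corp-root-ca.pem"
    domain_match="ise.example.com"                    # assumed ISE EAP server name
}
```

With the device-to-cert mapping in place, ISE can take the identity from the certificate and, as the reply describes, use Secure LDAP group lookups against AzureAD plus the Intune compliance check to build the authorization policy; the supplicant configuration above does not change for that part.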
