
ISE OKTA SAML Integration for Admin Access to Web GUI

jordanburnett
Level 4

Hello,

 

I have a customer that has asked whether we can add two-factor authentication to the Admin Access side of ISE via OKTA as a SAML provider. I have only ever configured this with native AD integration based on a security group. 

 

Does anyone have any idea if the Admin Access (access to the ISE GUI) can be integrated with OKTA? 

 

The ISE 2.6 guide mentions only some of the actual portals for end users, not administrators. 


Thanks! 

1 Accepted Solution

Accepted Solutions

howon
Cisco Employee

No, not currently. SAML is only supported for Guest, Mydevices, Sponsor, and Certificate provisioning portal.



Thanks! Is there any way to do multi-factor authentication for Admin Access? 


@jordanburnett wrote:

... Is there any way to do multi-factor authentication for Admin Access? 


Yes, MFA does not require SAML. See an example of how it can be done at Solved: MFA for ISE admin access? - Cisco Community

jmorton1
Level 1

Does anyone know if this has changed by chance? It has been 4 years. I was hoping we could do SAML for the admin portal of ISE 3.3.

Yes, SAML is supported for authentication of the Admin GUI. See this example and see if you can tweak it for your use case.
Configure ISE 3.1 ISE GUI Admin Log in Flow via SAML SSO Integration with Azure AD 

Thank you! I will note that I had to deviate from the instructions under the sections 7. Configure Active Directory Group Attribute and Step 4. Configure SAML Groups on ISE. Under 7. Configure Active Directory Group Attribute, instead of giving the group claim a custom name, I had to leave the claim name for groups as the default, http://schemas.microsoft.com/ws/2008/06/identity/claims/groups, and then under Step 4. Configure SAML Groups on ISE, for the group membership attribute, instead of just putting "groups", I had to put http://schemas.microsoft.com/ws/2008/06/identity/claims/groups and then the group mapping worked.
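The mismatch described in the last reply (group mapping failing until the group membership attribute matched the claim name exactly) can be checked offline against a decoded assertion. The following is an added example, not part of the thread or of Cisco's guide; the sample assertion, group IDs and the function names `assertion_attributes` and `check_group_mapping` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample assertion; the group IDs and user name are placeholders.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
      <saml:AttributeValue>00000000-0000-0000-0000-000000000002</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>admin@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def assertion_attributes(xml_text):
    """Return {attribute Name: [values]} for each Attribute in the assertion."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_group_mapping(xml_text, configured_attr, mapped_groups):
    """Check the SP-side group attribute name and mapped groups against the assertion.

    Troubleshooting aid only: it does not verify the assertion's signature.
    """
    attrs = assertion_attributes(xml_text)
    if configured_attr not in attrs:
        # The name must match exactly; list attributes that merely end with it.
        hints = [n for n in attrs if n.lower().endswith(configured_attr.lower())]
        return {"attribute_found": False, "matched_groups": [], "candidates": hints}
    matched = sorted(set(attrs[configured_attr]) & set(mapped_groups))
    return {"attribute_found": True, "matched_groups": matched, "candidates": []}


if __name__ == "__main__":
    mapped = ["00000000-0000-0000-0000-000000000002"]
    print(check_group_mapping(SAMPLE_ASSERTION, "groups", mapped))
    print(check_group_mapping(SAMPLE_ASSERTION, GROUPS_CLAIM, mapped))
```

With the short name `groups` the attribute is not found and the full claim URI is returned as a candidate; with the full URI the mapped group is matched.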