08-09-2022 05:25 AM
Hello!
So I have a bit of an interesting idea that I'm trying to accomplish. I currently have Splunk Cloud setup with an LDAP bind to my Azure AD setup and it works just fine. I also have a on-prem ISE setup that will force MFA for things like VPN and so forth through radius. What I'm trying to do is point splunk to my on-prem ISE setup and have it BIND with my ISE setup to see if I can't force MFA that way. The trouble that I'm running into is Binding splunk to ISE which I'm not sure if that is even possible. I'm sure there is a way of doing this through possible proxies or Network policy servers, but I'd like to use what I have and not have to resort to other applications like Duo and so forth. I know that path would work, but I'd like to try and use the path I already have setup. It might not even be possible, but I'm sure there is a way
The end goal here is to get Splunk (or other apps) to force MFA through ISE. Any thoughts?
Path:
user login --> Splunk (cloud) ---> ISE (on-prem) --> ISE to Azure (NPS proxy that prompts MFA) --> user logs in
10-04-2022 12:33 AM
Hello John,
For deploying Splunk-for-ISE Add-on & Cisco Identity Service Engine (ISE) please refer below link.
You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco Endpoint Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
If this doesn't help please email me, I would like to setup a Webex to discuss your issues.
Thanks,
Ujjawal
urathod@cisco.com
12-09-2022 07:20 AM
Cisco ISE serves RADIUS requests. Splunk Cloud will not send RADIUS requests to your on-prem ISE.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide