So I have a bit of an interesting idea that I'm trying to accomplish. I currently have Splunk Cloud setup with an LDAP bind to my Azure AD setup and it works just fine. I also have a on-prem ISE setup that will force MFA for things like VPN and so forth through radius. What I'm trying to do is point splunk to my on-prem ISE setup and have it BIND with my ISE setup to see if I can't force MFA that way. The trouble that I'm running into is Binding splunk to ISE which I'm not sure if that is even possible. I'm sure there is a way of doing this through possible proxies or Network policy servers, but I'd like to use what I have and not have to resort to other applications like Duo and so forth. I know that path would work, but I'd like to try and use the path I already have setup. It might not even be possible, but I'm sure there is a way
The end goal here is to get Splunk (or other apps) to force MFA through ISE. Any thoughts?
user login --> Splunk (cloud) ---> ISE (on-prem) --> ISE to Azure (NPS proxy that prompts MFA) --> user logs in