Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3746
Views
3
Helpful
7
Replies

Duo Integration with ISE for TACACS+ Device Administration with AD Users

Patricio_Mansilla
Level 1
Level 1

‎10-26-2021 06:44 AM

Hi guys,

I need to know if is possible use DUO with ISE connected tu Azure AD to give access to our Network equipment using Tacacs+

i already test using duo with duo proxy+ise+ad on-premise, but now i need use ise with azure ad, the idea is not use a duo proxy

2X_2_21f626d57348b7fa5ae8bb4123bf039e83a14c66.jpeg

Thanks

Labels:
0 Helpful
7 Replies 7

Antony GALLEZ
Level 1
Level 1

‎10-27-2021 08:39 AM

Hi @Patricio_Mansilla,

As far as I know, the only way to integrate ISE with Duo is through Radius and hence through the authentication proxy.

This is also stated in the Duo documentation:

To integrate Duo with your Cisco ISE, you will need to install a local Duo proxy service on a machine within your network. This Duo proxy server will receive incoming RADIUS requests from your Cisco ISE, contact your existing local LDAP/AD or RADIUS server to perform primary authentication, and then contact Duo’s cloud service for secondary authentication.

HTH
Antony

Jamie7
Level 1
Level 1

‎02-22-2022 06:01 AM

Hi @Patricio_Mansilla

Can you please share how you use DUO for ISE Device Admin with AD

Thanks,

0 Helpful

Jamie7
Level 1
Level 1

‎02-23-2022 05:38 AM

Thanks alot @Patricio_Mansilla, Appreciate your response.

SHABEEB KUNHIPOCKER
Level 3
Level 3

‎02-19-2024 12:10 PM

Hi Guys,

I have the same query. Is it possible in the current version of ISE?

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee

‎02-20-2024 01:21 PM

This gal suggests taking a look at the Duo feature released in ISE 3.3 P1:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-33/221232-configure-ise-3-3-native-multi-factor-au.html

https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/release_notes/b_ise_33_RN.html#concept_btq_mhd_lzb

This implements direct connectivity between ISE and Duo without Duo Authentication Proxy server deployment.

Duo, not DUO.
0 Helpful

SHABEEB KUNHIPOCKER
Level 3
Level 3
In response to DuoKristina

‎02-24-2024 07:49 AM

Hello Kristina,

Thanks a lot for your response. Does the direct integration have any limitations over the DUO Auth Proxy method?. Instead of the on-Premises AD, can we use the Azure AD along with the direct integration method?.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents