Which details you would like to see ?
Here is some infos.
ISEs are deployed in 2 domains such as "acme.com" and "sub.acme.com"
Each domain does not make a trusted relationship so these 2 domains cannot communicate between them.
Each domain has owned Enterprise Root CA (Microsoft)
Client who need to access the network need to authenticate with EAP-TLS.
My ISE node joined into domain "acme.com"
User will be "firstname.lastname@example.org"
Once the user from "email@example.com" try to authenticate, I would like to forward the RADIUS request from ISEs (acme.com) to other ISEs (sub.acme.com)
After ISEs in "sub.acme.com" return RADIUS-ACCEPT then ISEs in "acme.com" will process an authorization policy.