12-21-2023 04:22 AM
Hi All,
I just wanted to check if it is mandatory to disable MFA for Azure AD users so that ISE can do user authentication?
Solved! Go to Solution.
12-21-2023 01:26 PM
What specific use case are you referring to for user authentication?
If you're talking about REST ID using ROPC for Wired/Wireless/VPN user authentication, then a blanket per-user MFA policy could cause issues. In that case, you would want to use a Conditional Access policy for MFA and ensure the App Registration used for the Graph API is exempted from MFA.
12-21-2023 04:55 AM
Depends on the requirement
if you looking onluy ISE should do authentication, then you do not need to configured MFA
if you looking for MFA then you need to use MFA with different method not the AD authnetication.
exmaple MS SAML for MFA
12-21-2023 01:26 PM
What specific use case are you referring to for user authentication?
If you're talking about REST ID using ROPC for Wired/Wireless/VPN user authentication, then a blanket per-user MFA policy could cause issues. In that case, you would want to use a Conditional Access policy for MFA and ensure the App Registration used for the Graph API is exempted from MFA.
12-29-2023 06:44 AM
We use ISE 3.2 Patch 4 REST ID using ROPC for Wired user authentication with Azure Active Directory. The authentication method used is EAP-TTLS. Customers do not want to disable MFA. I suggested they use the Conditional Access policy; however, my query is in the Conditional Access policy; what should be the conditions so that MFA will be bypassed for user authentication requests coming from the PSN node? Shall I create a Location Policy and Mention the PSN IP address? Or Client apps (Other Client) that do not use modern authentication?
01-01-2024 08:01 PM
@jitendrac ISE 3.2 adds this feature EAP-TLS and TEAP Authorization Support with Azure AD and that might fit your requirements better. Otherwise, please work with Microsoft support on the conditional access policy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide