cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
616
Views
5
Helpful
2
Replies

Cisco ISE 2.4 + Guest Portal Azure disable MFA

iman.yuliarto
Beginner
Beginner

Hi Guys,

 

We have an issue with Cisco ISE 2.4.0.357 patch 13 + wireless Guest portal to Azure with SAML, the configuration was work properly until last week.

We have changes at last month to enable MFA on all azure authentication, but the issue just appears last week.

 

the issue is :bf285612-b6ce-4852-ac73-d179d69e43cc.jpeg

 

after we try to research this, we found the link

https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts75011-auth-method-mismatch 

also this cisco live pdf at page 32 https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/documents-securite/9/1/Webcast_ISE_Pujol_mar09_2021.pdf 

 

but we can't find on the ISE how to modify SAML Header request to Azure. we need to remove RequestedAuthnContext as suggested by Microsoft and Cisco

 

We want to disable Azure MFA only for Cisco ISE communication.

did anyone have face this issue?

 

Thanks for help

 

1 Accepted Solution

Accepted Solutions

Greg Gibbs
Cisco Employee
Cisco Employee

The Cisco deck you shared specifically references ISE version 3.0. This is an enhancement that would not be present in your current version of ISE 2.4. You will need to upgrade your ISE deployment to take advantage of this feature enhancement.

You should also be aware that ISE version 2.4 reaches End of Support in Dec 2022.

View solution in original post

2 Replies 2

Greg Gibbs
Cisco Employee
Cisco Employee

The Cisco deck you shared specifically references ISE version 3.0. This is an enhancement that would not be present in your current version of ISE 2.4. You will need to upgrade your ISE deployment to take advantage of this feature enhancement.

You should also be aware that ISE version 2.4 reaches End of Support in Dec 2022.

Hi Greg,

So if we want to disable or enable the MFA we should upgrade to ISE 3.0 as the Cisco Deck provide?

 

Yeah sure we want to upgrade but ISE 3.0 licensing is different. Thanks for remind.

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers