Cisco ISE integration with SMS passcode Device

Angus Bishop
Level 1

Hi Experts,

I have a scenario where the requirement is to integrate the ISE device with an SMS PASSCODE device, which will trigger the OTP to the mobile devices.

Currently I have my authentication configured to work with the AD.

When my VPN users connect, they are authenticated against AD and the users get access.

Now, as per the new requirement, once the user is authenticated against AD, the user should be prompted for the OTP password sent to the user by the SMS PASSCODE device.

If anyone has worked on a similar requirement, please help me to resolve the issue.

 

 

Thanks in advance 

Angus

 

 

 


Hi Angus

SMS PASSCODE and Cisco ISE can live together. I do not know if you have a Cisco ASA in front of this scenario, but just in case, I have attached a Cisco ASA quick guide.

The Cisco ISE can be used to forward the request to the NPS server with SMS PASSCODE RADIUS client protection installed.

If the Cisco ISE authenticates the username and password, then you can forward the request to the NPS, and specify in the SMS PASSCODE Configuration tool that it should skip password validation for the RADIUS client. Please make 100 % sure that the authentication is taking place at the Cisco ISE before implementing this.

The SMS PASSCODE Radius client protection installation and configuration is included in the SMS PASSCODE Administrators guide, that you can find in the software package.

I hope this can help you.

 

 

Hi all

I have been working on this topic for exactly a month with no success.

I need to integrate the VASCO OTP solution. But VASCO does not support any external authentication backend for virtual/SMS tokens. Only passcode or local authentication.

I need to implement an external authentication against LDAP somewhere...

Gunnar, does Cisco clearly say it is not able to participate in such a setup?

 

So, my need would be to be able to insert an authentication in ISE against the LDAP into the flow.

The flow is:

WebApplication sends login+password (LDAP) to ISE

ISE checks the credentials and, if they are OK, forwards the request to VASCO

VASCO does not check the password but generates the OTP and sends it via SMS

VASCO replies with an Access-Challenge

ISE forwards the challenge to WebApplication

WebApplication sends login+OTP response to ISE

ISE forwards to VASCO

VASCO checks the OTP and replies to ISE with an accept

ISE forwards to WebApplication

User is logged in...

The whole flow is working if the user enters a passcode

I would like to implement an identity source sequence where the user is checked against all the entries, not only the first match

First LDAP then VASCO...
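
The two-round flow described in the post above, as an added Python simulation that is not part of the original thread and is not Cisco, VASCO or SMS PASSCODE code. The class names, the `ise` client name and the sample directory are assumptions; it shows the proxy checking the directory password before the OTP server (which skips password validation) is contacted, and the OTP server answering only that proxy.

```python
import hmac
import secrets

# Constructed sample directory standing in for the LDAP/AD first factor.
DIRECTORY = {"julien": "ldap-secret"}

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

class OtpServer:
    """Hypothetical OTP back end with password validation skipped."""
    def __init__(self, trusted_clients):
        self.trusted = set(trusted_clients)  # only the proxy may talk to us
        self.pending = {}                    # State -> (user, otp)
        self.sms_outbox = []                 # stands in for the SMS gateway

    def handle(self, client, user, secret, state=None):
        if client not in self.trusted:
            return "Access-Reject", None     # nobody bypasses the first factor
        if state is None:                    # round 1: password is NOT checked here
            otp = f"{secrets.randbelow(10**6):06d}"
            state = secrets.token_hex(8)
            self.pending[state] = (user, otp)
            self.sms_outbox.append((user, otp))
            return "Access-Challenge", state
        owner, otp = self.pending.pop(state, (None, ""))  # State is single use
        ok = owner == user and same(otp, secret)
        return ("Access-Accept" if ok else "Access-Reject"), None

class Proxy:
    """Hypothetical proxy in ISE's position: first factor, then forward."""
    def __init__(self, name, otp_server):
        self.name, self.otp = name, otp_server

    def handle(self, user, secret, state=None):
        if state is None:                    # round 1: check the directory password
            stored = DIRECTORY.get(user)
            if stored is None or not same(stored, secret):
                return "Access-Reject", None  # OTP server is never contacted
        # round 2 (State present): relay the OTP answer unchanged
        return self.otp.handle(self.name, user, secret, state)
```

Because the OTP back end no longer checks passwords, its client list is the only thing keeping a request that skipped the directory check from triggering an SMS; the State value ties round 2 to a round 1 that passed.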

 

 

 

Hi Julien,

I am sorry, but I do not know anything about Vasco, so I can't help you with that. I work with SMS PASSCODE and that will work using RADIUS.

Hope you will get it to work.

Hi, Have you managed to find out if VASCO can be integrated with Cisco ISE?

Hello Gunnar

I know that this is an old thread, but the issue didn't disappear :)

Did you get SMS Passcode to work with ACS and the ASA?

ASA --> ACS --> SMS Passcode

Best 

Isaac