Cisco ISE with Azure AD (EAP-TLS)

Gh0$t
Level 1

Hello Cisco Community!

I hope you're all doing well. I am currently facing an issue regarding the configuration of Cisco ISE v3.2 for Azure AD authentication as dot1x. I have successfully integrated Azure AD with ROPC REST API, but now I want to utilize this authentication for dot1x purposes.

After studying various online sources, I have come across information suggesting that this can be achieved using the EAP-TLS protocol. However, I am a bit confused about which certificate to use and where to obtain and install it. It's worth noting that we primarily operate in an Apple environment.

I would greatly appreciate any guidance or assistance from the community in resolving this issue. Specifically, I would like to know:

  1. Which certificate should be used for the EAP-TLS authentication in the context of Azure AD integration with Cisco ISE?
  2. Where can I obtain the necessary certificate?
  3. Once obtained, how and where should the certificate be installed within our Apple environment?

Any insights, recommendations, or step-by-step instructions would be immensely helpful in helping me navigate this configuration challenge.

Thank you all in advance for your time and support!

1 Accepted Solution

  1. Whatever your PKI environment is.  Do you have one stood up today?  Is it pushing out user certificates to all managed computers?
  2. See 1.
  3. Using your MDM solution.

https://community.cisco.com/t5/security-knowledge-base/cisco-ise-with-microsoft-active-directory-azure-ad-and-intune/ta-p/4763635

https://www.youtube.com/watch?v=iAKyIHFqbgE

Speaker: Greg Gibbs, Cisco Security Architect 00:00 Intro 02:23 Traditional Active Directory vs Azure Active Directory 05:06 Azure AD Join Types: Registered, Joined, Hybrid Joined 07:00 Intune MDM Enrollment Options 09:08 Windows Autopilot 10:04 Windows Self-Service Out-of-Box Experience (OOBE) ...