Solved: Easy Connect & ISE-PIC Integration - Supported PassiveID Provider Types

dmorello74 · ‎04-17-2019

I would like to please get some feedback about lSE-PIC leveraging the Active Directory Agent for Easy Connect. I have been told recently by a Cisco Engineer that the AD Agent is not supported with Easy Connect. Is this true? If Easy Connect is not supported with ISE-PIC leveraging the Active Directory Agent, then what Use Case(s) would the Active Directory Agent be used? Maybe the Use Case of Firepower System Passive Authentication via pxGrid with ISE-PIC? The AD agent is just another ISE-PIC (PassiveID) provider type/technology to gather authentication data from the AD servers. Even though EasyConnect is not specifically mentioned, shown below are a few Cisco documented references to ISE-PIC leveraging the AD Agent so I am a little confused. I would appreciate any insight and/or feedback that you can provide. Thank you in advance....

- Dan

Timothy Abbott · ‎04-17-2019

Hi,

The only PassiveID provider that is supported with EasyConnect is WMI. ISE-PIC doesn't do any form of authorization. It is simply sharing identity learned by one or more providers to pxGrid subscribers. For EasyConnect, you will need ISE and PassiveID configured using WMI with AD.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎04-17-2019

Hi,

The only PassiveID provider that is supported with EasyConnect is WMI. ISE-PIC doesn't do any form of authorization. It is simply sharing identity learned by one or more providers to pxGrid subscribers. For EasyConnect, you will need ISE and PassiveID configured using WMI with AD.

Regards,

-Tim