cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2956
Views
0
Helpful
6
Replies

Google WiFi 802.1x Authentication with ISE

paul
Level 10
Level 10

Has anyone done Google account authentication with ISE for WiFI 802.1x access?  Not Google two factor, just using google account login (email) and password to connect to 802.1x WiFi.  Meraki has a Google connector built directly into their solution.  I have seen other solutions like JumpCloud that you can use to integrate.  I think I can set something up with FreeRADIUS as well.

 

Just checking if anyone has gone through this setup.  This is for a K12 where all the students have Google accounts and they want to allow some to connect to a special 802.1x SSID.

 

 

1 Accepted Solution
6 Replies 6

This is a bit different as they want students to be able to use their Google credentials on their personal mobile devices to join an SSID. I have pivoted to using your SAML document to setup guest portal with Google SAML. Then I am going to do an AD group lookup in authorization phase as their Google and AD account have same principle name.

@howon @paul I would think ISE would need a way to communicate with it via some sort of proxy?

That was the genesis of my original question.  I think to do Dot1x with Google account you need to have an external RADIUS server with hooks into Google to do this. Meraki has native integration, but outside of SAML ISE doesn't.

 

I am going to use a variation of this post:

 

https://community.cisco.com/t5/security-documents/google-suite-guest-sso-single-sign-on-with-ise-via-saml-for/ta-p/3643930

 

Just closing this out, I tested the Google SAML setup on a guest portal with the customer today using Google department value filtering and it worked perfectly.  Great document.

Hi,

 

I know this post is a little old but I would like to ask:

 

Are you able to retrieve groups information or any other information from Google by using Google authentication with ISE?

and with Meraki? have you been able to?

 

My assumption is that both Meraki and ISE provide only authentication result but no attributes when authentication is done against Google but I may be wrong.