Imprivata as a RADIUS token server in ISE

Ciscorocks
Level 1

Does anyone have documentation or a configuration guide on the integration of ISE and Imprivata for 2FA auth for SSLVPN?

1 Accepted Solution


I'm not familiar with Imprivata, but if it only supports SAML you will likely need to do the Authentication directly from the VPN headend (ASA, FTD, etc) then use ISE for Authorization only. This is the same flow that is used for SAML using AzureAD + MFA.

 


balaji.bandi
Hall of Fame

As far as I know, Imprivata itself is an identity used in the medical field.

The SSLVPN client connects to the remote access server using ISE in the normal situation; where is the Imprivata device in the network?

Not sure what the requirement is here; can you explain more?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I was wondering if there is a guide for setting up Imprivata as a token server and using it as an external identity source in ISE. I found quite a bit of documentation for the setup with DUO but not Imprivata. I'm assuming it's about the same.

The user connects to SSL VPN, the FTDs send requests to ISE, ISE queries Imprivata and then Active Directory, a push notification is sent to the user's phone, the user accepts the push, and a RADIUS accept is sent to Imprivata to ISE to the FTD.

You need to test this. Since ISE does everything you are looking to do, most of them don't have any other identity requirement.

Check this; ISE can be configured with an external authentication source:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on-ise.html

BB


Ali Farooqi
Level 1

Has anyone made it work? As far as I know, Imprivata can do SAML but cannot be configured as an external RADIUS server in ISE.
