331 Views · 1 Helpful · 5 Replies

Integrate ISE with Entra ID for Sponsor groups

antcatt
Level 1

Hello,

I'm currently deploying a Cisco ISE infrastructure (v3.3) and I'm configuring the guest and sponsor portals.
As we will be using Entra ID instead of a legacy AD, I'm looking for information to know if it is possible to perform a "join" with Entra ID which will allow me to tag user groups to my sponsor groups.

Thank you for your help.
Best regards,

Accepted Solution

Greg Gibbs
Cisco Employee

Entra ID is not Active Directory. There is no way for ISE to 'join' Entra ID.

For authenticating/authorizing Sponsors against Entra ID, you would need to use the SAML-based method.
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216129-configure-ise-3-0-sponsor-portal-with-az.html

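As an added example (not code from this thread, from Cisco, or from the linked guide), the following script shows the shape of what the SAML-based method hands to ISE: the identity provider returns a signed assertion carrying the subject's NameID and a group-membership attribute, and ISE maps those attribute values onto its sponsor groups. The assertion text is constructed, the group object IDs are placeholders, and the signature is omitted; the claim name is Entra ID's default groups claim and the sponsor group names are ISE's built-in ones.

```python
"""Pull the identity and group claims out of a SAML 2.0 assertion.

Added example, not code from this thread or from Cisco. It shows what a
SAML IdP such as Entra ID sends to a service provider like the ISE
sponsor portal: the subject NameID, the audience the assertion was
issued for, and the group membership attribute whose values ISE maps
onto sponsor groups. The assertion text is constructed; the group
object IDs are placeholders and the signature is omitted.
"""
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Default claim name under which Entra ID emits group membership.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Hypothetical mapping from Entra ID group object IDs (placeholders) to
# ISE's built-in sponsor group names.
SPONSOR_GROUP_MAP = {
    "00000000-0000-0000-0000-000000000001": "ALL_ACCOUNTS",
    "00000000-0000-0000-0000-000000000002": "GROUP_ACCOUNTS",
}

# Constructed SAML Response; a real one is signed by the IdP.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">sponsor@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://ise-sponsor.example.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
        <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
        <saml:AttributeValue>00000000-0000-0000-0000-000000000002</saml:AttributeValue>
        <saml:AttributeValue>00000000-0000-0000-0000-000000000003</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_assertion(xml_text):
    """Return NameID, audiences and group values from a SAML Response.

    A real SP verifies the XML signature and the Conditions (NotBefore,
    NotOnOrAfter) before trusting any of these values; that is omitted here.
    """
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("Response carries no saml:Assertion")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    audiences = [a.text.strip() for a in assertion.findall(".//saml:Audience", NS) if a.text]
    groups = []
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != GROUPS_CLAIM:
            continue
        groups.extend(v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text)
    return {"name_id": name_id, "audiences": audiences, "groups": groups}


def audience_matches(parsed, expected_audience):
    """True when the assertion was issued for this SP; reject it otherwise."""
    return expected_audience in parsed["audiences"]


def sponsor_groups_for(groups, mapping=SPONSOR_GROUP_MAP):
    """Map IdP group values onto sponsor groups; unmapped groups grant nothing."""
    return sorted({mapping[g] for g in groups if g in mapping})


if __name__ == "__main__":
    parsed = parse_assertion(SAMPLE_RESPONSE)
    print(parsed["name_id"], sponsor_groups_for(parsed["groups"]))
```

The third group value in the sample is deliberately absent from the mapping: only groups you have explicitly tied to a sponsor group should confer sponsor rights, which is the same default-deny behaviour you want when configuring the mapping in ISE.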

5 Replies

PSM
Level 1

From the information provided, I understand you want to authenticate sponsors using Entra ID and want to retrieve group memberships from Entra ID. That is possible; here is the reference link for that.

https://community.cisco.com/t5/security-knowledge-base/cisco-ise-with-microsoft-active-directory-entra-id-and-intune/ta-p/4763635

Hello,
Thank you for your reply. I have checked this very detailed documentation, however I don't think it matches my use case. 


Hello,
Thank you for the correction, I suspected that the join notion didn't make sense here.
I will review the shared documentation and work from that, thank you!

antcatt
Level 1

Hello,
Coming back on the topic, I started implementing the connection following the guide shared by Greg Gibbs.
I have a question regarding the value of field "Fully Qualified Domain Names (FQDN) and host names".
In there, I put an arbitrary value, different from my nodes' FQDN. When I test the portal URL, it returns a DNS error, which seems logical considering I didn't ask to create a record with my arbitrary FQDN.

I was wondering:
- Should I use the FQDN of one of my nodes instead of an arbitrary one?
- If not necessarily, what should I request as parameters for the arbitrary FQDN record?

Thank you for your help.
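As an added example (not code from this thread or from Cisco), the following pre-flight script checks the two things that make a portal FQDN usable before you test the portal URL: the name must exist in DNS and resolve to the ISE node serving the portal, and the certificate that portal presents must cover the name. The resolver and the certificate SAN list are injectable so the checks can be exercised offline; the host names and 192.0.2.x addresses are constructed.

```python
"""Pre-flight check for the FQDN configured on an ISE portal.

Added example, not code from this thread or from Cisco. The value in a
portal's "Fully Qualified Domain Names (FQDN) and host names" field is a
friendly name that ISE does not publish anywhere: the name has to exist
in DNS and resolve to the ISE node that serves the portal, and the
certificate the portal presents has to cover it, or the browser fails
before reaching ISE. The resolver and SAN list are injectable so the
checks run offline; the names and 192.0.2.x addresses are constructed.
"""
import socket


def table_resolver(table):
    """Build a resolver over a fixed name -> addresses table (tests, dry runs)."""
    def resolve(fqdn):
        if fqdn not in table:
            raise OSError("no DNS record for %s" % fqdn)
        return list(table[fqdn])
    return resolve


def live_resolver(fqdn):
    """Resolve with the system resolver; raises OSError (socket.gaierror) on NXDOMAIN."""
    return socket.gethostbyname_ex(fqdn)[2]


def resolve_fqdn(fqdn, resolver=live_resolver):
    """Return the sorted addresses a name resolves to, or [] if it does not resolve."""
    try:
        return sorted(set(resolver(fqdn)))
    except OSError:
        return []


def cert_covers_fqdn(san_names, fqdn):
    """True if a dNSName SAN entry matches the FQDN (a wildcard covers one label)."""
    target = fqdn.lower().rstrip(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            suffix = name[1:]  # "*.example.com" -> ".example.com"
            if target.endswith(suffix) and target.count(".") == name.count("."):
                return True
        elif name == target:
            return True
    return False


def check_portal_fqdn(fqdn, node_addresses, resolver=live_resolver, san_names=None):
    """Return a list of findings; an empty list means the FQDN is ready to test."""
    findings = []
    addrs = resolve_fqdn(fqdn, resolver)
    if not addrs:
        findings.append("DNS: %s does not resolve; create an A/AAAA record for it" % fqdn)
    elif not set(addrs) <= set(node_addresses):
        findings.append("DNS: %s resolves to %s, not to an ISE node serving the portal"
                        % (fqdn, ", ".join(addrs)))
    if san_names is not None and not cert_covers_fqdn(san_names, fqdn):
        findings.append("TLS: portal certificate SANs %s do not cover %s"
                        % (list(san_names), fqdn))
    return findings


if __name__ == "__main__":
    # Constructed data: one friendly name that is set up correctly, one that
    # points at the wrong host, and one with no record at all.
    dns = table_resolver({
        "sponsor.example.com": ["192.0.2.10"],
        "www.example.com": ["192.0.2.99"],
    })
    nodes = ["192.0.2.10", "192.0.2.11"]  # addresses of the ISE nodes serving the portal
    sans = ["ise-psn1.example.com", "sponsor.example.com"]
    for name in ("sponsor.example.com", "www.example.com", "guest.example.com"):
        print(name, check_portal_fqdn(name, nodes, dns, sans) or "OK")
```

To run it against a live deployment, pass `live_resolver` (the default) and the SAN entries of the portal certificate, which you can read from the certificate ISE presents on the portal port with `openssl s_client -connect <node>:<portal-port> -servername <fqdn> | openssl x509 -noout -ext subjectAltName`.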