Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
194
Views
0
Helpful
6
Replies

Is 802.1x + google sso authentication possible?

CCC3
Level 1
Level 1

‎06-18-2025 11:43 PM

As far as I know, when I use cwa that floats a redirection page like google sso
I understand that you use OPEN + MAB.

I'm trying to set the authentication method of SSID to 802.1X and two-factor authentication through google so, is it possible?

0 Helpful
6 Replies 6

Arne Bier
VIP
VIP

‎06-22-2025 01:53 PM

Not sure if that is feasible in any situation, since 802.1X authentication is very chatty and doesn't happen in a single Request/Response - you would need a system that can keep track of state and do the SSO. ISE supports SAML for the Admin portals but not for Policy Set Authorization workflows. In SSO there is quite a bit of setup (Federation Metadata exchange) and that doesn't exist in ISE for this use case.

SSO works better at the application authentication level (e.g. app web logins), than it does at the network authentication level (i.e. client connecting to network).

0 Helpful

CCC3
Level 1
Level 1
In response to Arne Bier

‎06-22-2025 04:56 PM

I'm currently using PSK + google SSO
If you enter the PSK correctly when you connect the wireless, you will get a google SSO portal page.

By the way, I was wondering if it would work even if I changed it to 802.1X instead of PSK.

0 Helpful

Arne Bier
VIP
VIP
In response to CCC3

‎06-22-2025 05:09 PM

@CCC3 - where did you configure the "Google SSO" ? On the WLC?  How does that work?

0 Helpful

CCC3
Level 1
Level 1
In response to Arne Bier

‎06-22-2025 05:47 PM

Google sso is set in ise.

It's similar to the cwa motion

If you try to access the SSID, enter the PSK and
If the PSK value is correct, show the page and log in by entering your google account.

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee
In response to CCC3

‎06-22-2025 09:44 PM

Yes, you could implement the same flow using 802.1x + SAML in a portal flow.

The SSID would be secured using 802.1x and after authenticating to the SSID using 802.1x, you could redirect the user to a Guest portal that authenticates the user against the SAML IdP (Google SSO, in this case).

0 Helpful

CCC3
Level 1
Level 1
In response to Greg Gibbs

‎06-22-2025 09:52 PM

Thank you.

Additionally, what I checked is that in this case, you cannot use the MAB you used before.
I understand that CISCO generally uses MAB when using forms such as CWA (google SSO)

Is it CISCO's recommendation for using 802.1X + Google SSO?

0 Helpful
Customers Also Viewed These Support Documents