04-10-2019 12:38 AM
Hello to everyone!
I'm testing ISE 2.4 for future deployment. Here are 2 main goals:
1. Full integration for dot1x with EAP-TLS.
2. Client posturement and integration with MS Intune.
I'm stuck with first point though. ISE uses Azure ADDS as identity store. We don't have classic on-prem AD. Authentication itself works fine. Certificates are generated over Certificate Provisioning portal.
But here is the problem. Since all clients are connected to MS Intune they got default certificate which is stored in Personal user certificates. When I install certificate which is generated over portal it is being put into same directory and has same CN (user@mydomain.com). So 2 certificates with same CN user@mydomain.com are placed in same folder. Hereby when user clicks "use certificate for auth" then wrong certificate is being used by Windows (default from Intune).
Is it possible to change somehow order for certificates or there might be another solution? Could Client Provisioning with Native Supplicant configuration solve the issue?
Solved! Go to Solution.
04-10-2019 05:25 AM
04-10-2019 05:53 AM
04-10-2019 05:25 AM
04-10-2019 05:47 AM
Yes, Thank you!
I've chosen only one Certificate issues and it works fine.
Another question. Is anybody knows how to do some generate certificates on ISE automatically? Might be in some collaboration with intune...
04-10-2019 05:53 AM
07-29-2019 04:59 AM
Hello,
I am reading your post and just wonder how did you managaged to integrate Azure ADDS as identity store in ISE ?
Best regards,
Piotr
07-29-2019 05:00 AM
Hi,
I am reading your post I wonder how did you managed to integrate Azure ADDS as identity store in ISE ?
Best regards,
Piotr
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide