cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
554
Views
0
Helpful
0
Replies

ISE Certificate Authentication Profile queries

Brett Verney
Level 1
Level 1

Hi there,

I have a few questions around the Certificate Authentication Profile (CAP) in ISE.

1.)  If the goal is to only allow certificate based auth (EAP-TLS) do you NEED to select any of the identity stores in available list the Identity Source Sequence, if you have selected a CAP in the sequence?

2.)  There is an 'Identity Store' field in the CAP, can this be used in policy making decisions, (i.e. check the group membership of the user and assign VLANs etc through an AuthZ profile?

3.)  Does Binary Comparison on Certificates against AD create any overhead to the authentication process?

Regards,

Brett

0 Replies 0