Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
0
Replies

ISE Certificate Authentication Profile queries

Brett Verney
Level 1
Level 1

‎07-24-2017 06:20 PM - edited ‎03-11-2019 12:53 AM

Hi there,

I have a few questions around the Certificate Authentication Profile (CAP) in ISE.

1.)  If the goal is to only allow certificate based auth (EAP-TLS) do you NEED to select any of the identity stores in available list the Identity Source Sequence, if you have selected a CAP in the sequence?

2.)  There is an 'Identity Store' field in the CAP, can this be used in policy making decisions, (i.e. check the group membership of the user and assign VLANs etc through an AuthZ profile?

3.)  Does Binary Comparison on Certificates against AD create any overhead to the authentication process?

Regards,

Brett

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents