Solved: ISE integration with Azure AD

yurii.chornyi · ‎02-19-2019

Hi all!

I have multiple problems using 802.1x authentication in my environment. Wu currently use cisco wlc -> MS NPS -> Azure AD

We're looking for possibility to replace NPS with brand new Cisco ISE.

Is it possible to use Azure AD as external identity source for 802.1x?

Probably someone could provide guide how to configure such interaction.

Mohammed al Baqari · ‎02-19-2019

Yes, this possible. From ISE, you are can Azure AD by joining ISE to domain
or adding it as LDAP server. Both ways you can get the integration working
(there are limitation if you use it as LDAP). To join ISE to domain, you
need to configure ISE with domain DNS servers to resolve the domain to
azure AD.

View solution in original post

Jason Kunst · ‎09-03-2019

Microsoft has this Configure secure LDAP for an Azure AD Domain Services managed domain
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

Our team has not officially tested this or more general AAD use cases for DOT1X auth. please reach out to http://cs.co/ise-feedback for public access to roadmap or internally via http://cs.co/ise-pm

View solution in original post

Mohammed al Baqari · ‎02-19-2019

Yes, this possible. From ISE, you are can Azure AD by joining ISE to domain
or adding it as LDAP server. Both ways you can get the integration working
(there are limitation if you use it as LDAP). To join ISE to domain, you
need to configure ISE with domain DNS servers to resolve the domain to
azure AD.

moniamechirgui · ‎08-13-2019

Hi,

Can you share the "how to integrate ISE with Azure AD as LDAP" document. do we need an ISE interface which is Publicly reachable by Azure ?

tjarvent@cisco.com · ‎09-01-2019

Do we have any documentation on this topic, so how to integrate ISE with Azure AD for Cisco wireless authentication?

Jason Kunst · ‎09-03-2019

Microsoft has this Configure secure LDAP for an Azure AD Domain Services managed domain
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

Our team has not officially tested this or more general AAD use cases for DOT1X auth. please reach out to http://cs.co/ise-feedback for public access to roadmap or internally via http://cs.co/ise-pm

iantriggs · ‎11-12-2019

This advice is not correct. Azure AD is not Active Directory nor is it accessible via LDAP. I haven't run through the setup yet, but maybe you can try this - https://community.cisco.com/t5/security-documents/notes-on-azure-ad-as-saml-idp/ta-p/3644255

Petri Kemppainen · ‎10-29-2019

Hi!

Do you have document available where has been told that Azure ad works as authentication source?

If i try to add Azure AD LDAPS connection, ISE says that socket is closed? Why?

And with Clearpass i can connect to azure and use it for tacacs and admin authentication but not 802.1x authentication.

-Petri

Petri Kemppainen · ‎09-18-2019

Hi!

So you have working environment with on premise WLC, NPS and Azure AD?

Could you give me guidance how you can manage to do that? On premise NPS can use azure as authentication source? We have that same setup and at this point is would be enought if we can autenticate against Azure AD.

How can i make connection from NPS to Azure AD?

-Petri