cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
301
Views
0
Helpful
1
Replies

ISE MACHINE AUTHENTICATION

Hi,

I want to perform 802.1x user authentication together with Machine Authentication using Client Certificates. The problem is with Machines that are not in AD. Our policy allow users to bring their own devices as long as they comply to our posture policies. They can have full network access. How do I use certificates to authenticate non domain computers? User authentication will continue to be AD credentials even for non AD computers. We have our internal CA server that we use to generate manually client certificates for these non domain computers.

 

Regards,

Stanslaus.

1 Reply 1

bern81
Beginner
Beginner

Hi,

 

For non-Domain devices, you can create a Certificate Authentication Profile (CAP) that points to lets say the Subject CN field but leave

the identity Store empty (like this it doesn't fetch an AD to see if the computer exist in one of its groups).

 

Then in the authentication Policy you can create a rule like this:

- If Certificate issuer common name = your CA cert CN   the use the CAP created above.

Of course you can do many combination in the Authentication policy to be more granular.

 

I hope this helped.

 

Please rate

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: