ISE SAML with Google IdP

Greg Gibbs
Cisco Employee

Google is not listed as a tested SAML IdP in the Release Notes for ISE 2.1.

Are there plans to test/validate Google IdP against either ISE 2.1 or 2.2?

We have a large retailer that has expressed interest in ISE, but they are moving to Google as an ID source for some specific groups.

Accepted Solutions

hslai
Cisco Employee

As ISE 2.1 supports SAML 2.0 generically, we are testing with a selective set of IdPs. Customers and partners are welcome to try any SAML 2.0 compliant IdPs themselves.

Please direct roadmap items to our product management team.

howon
Cisco Employee

Not sure if you are still looking at Google SAML IdP integration with ISE, but here is one you can use:

Google Suite Guest SSO (Single Sign On) with ISE via SAML for Chromebooks

lul3
Cisco Employee

Hi,

May I check if we tested the same (ISE with Google SAML IdP) on Windows/Mac OS please?

As per the ISE Admin Guide, SAML IdP is only supported for Portal-based authentications. It cannot currently be used in conjunction with 802.1x for endpoint authentication.

 

Cheers,

Greg

Thanks Greg!

After 3 years, do you know if there is any change?

Similar question posted on another topic... SAML is browser-based, so it would require some significant updates to existing EAP protocols or a new EAP protocol to provide this functionality. This is not an ISE limitation, but rather an industry-wide limitation.

Saied Ehsan Alavi Fazel
Cisco Employee

Thanks for the post, can you clarify if the authentication domain is limited to the G-Suite users or can authenticate against any Google account?

The reason for asking is, my customer is looking to allow anyone with a Google account to be able to sign on to their guest WiFi; the above works well in my test lab with only users within my G-Suite domain. I used a generic Google account to sign on and am getting a 403 error: app_not_configured_for_user. (It may well be a configuration error; however, before I go further, I wanted to check whether I am on the right track.)

Any help is greatly appreciated.

ISE doesn't support Google accounts for guest WiFi.

ISE 2.3 just added Facebook as a social media provider.

You would need to check with Google if this could be extended.