Multiple domain AD and Entra ID UPN

zeeshan-iqbal65
Level 1

Clarification on Integrating Entra ID with Cisco ISE using REST API and Microsoft Graph

I need clarification on the process of integrating Microsoft Entra ID with Cisco ISE (version 3.3) using the REST API and Microsoft Graph.

Current Setup:

  • Users are currently authenticated using machine-based authentication.
  • Machines are running Windows 10 and 11.
  • The organization wants to transition from on-premises authentication to Entra ID for Windows 11 machines.

Planned Approach:

  1. Integrate Microsoft Entra ID via REST API.
  2. Create a Certificate Authentication Profile (CAP) in Cisco ISE.
  3. Ensure authentication is processed using Entra ID as the identity provider.

Issue:

  • The Common Name (CN) in the user certificates is registered under a different domain than the User Principal Name (UPN) in Microsoft Entra ID.
  • This could potentially cause authentication failures.

Questions:

  1. Will authentication fail due to the CN and UPN mismatch?
  2. Is there a way to configure Cisco ISE to check multiple domains for UPN verification?
  3. Can Cisco ISE be configured to map CN to UPN dynamically across multiple domains?

Any insights or recommendations on handling this scenario would be appreciated.
