Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1603
Views
0
Helpful
3
Replies

Positioning ISE to authenticate with G-Suite

Go to solution
ghannoun
Cisco Employee
Cisco Employee

‎11-20-2019 04:20 AM

Hi Team,

customer is managing all school students/schools in the country. currently they provide internet access to students via captive portal of fortigate. for every user they create a local account, so the student use these credentials to access the internet.

their current approach and since they have all users created by default in their Gsuite, is to let fortigate connect to Gsuite as an external directory. and let the students sign in to that captive portal using Gsuite logins. basically it is a SSO scenario between firewall and Gsuite. Fortinet are proposing Fotiauthenticator, which will play the role of SSO between Fortigate and the Gsuite.

 

we are trying to offer ISE for the same purpose. the idea is to offload authentication and captive portal from the firewall.  questions:

- does ISE have the capability to add Gsuite as external authentication source?

- if yes, what is the optimum scenario? is it by keeping the captive portal on Fortigate and let fortigate connect with ISE for authentication?

- or removing all authentication proces from fortigate and configure captive portal on ISE and adding Gsuite as external authentication?

 

appreciate if anyone has had such a scenario to share it with me, and of course i'd like to brainstorm to come up with a great solution

 

thanks

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to ghannoun

‎11-25-2019 06:42 AM

Its likely possible if you can get it to work with SAML 2.0 like other providers at http://cs.co/ise-guest it hasn't been specifically tested but there are other SAML providers we don't test as well. I have copied @hslai and @howon as well to see what they think

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-22-2019 03:06 PM

Sounds like you might integrate with gsuite with SAML portal? ISE has guest and BYOD flows for this using SAML 2.0
https://cs.co/ise-guest
check under SAML flows for the idea

our BYOD has integration
https://cs.co/ise-byod
check gsuite there
0 Helpful

Go to solution
ghannoun
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎11-23-2019 12:49 AM

Hi Jason,

I saw a discussion where replying to same subject. I found official document only talking about the chromebook case. Can we say this also applies to the scenario of having all users in G-suite. And when I want to allow access to internet as a guest, students can use their g-suite account? Adding G-suite as external directory is possible with ISE right? And just help me in step by step like scenario with a student connection to wifi and then? What happens ehere?
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to ghannoun

‎11-25-2019 06:42 AM

Its likely possible if you can get it to work with SAML 2.0 like other providers at http://cs.co/ise-guest it hasn't been specifically tested but there are other SAML providers we don't test as well. I have copied @hslai and @howon as well to see what they think

0 Helpful
Customers Also Viewed These Support Documents