
Sponsor Portal with authentication active directory

nstr1
Level 1
I have an ISE 1.4 standalone. In ISE I have an Active Directory configured. I did an authentication test against the Active Directory and the authentication was successful.

I am also setting up a sponsor portal, and the administrators of the sponsor portal will be users defined in an Active Directory group.

But when I use an Active Directory user in the sponsor portal, it shows me "authentication error".

But in the sponsor group I specify that it uses the Active Directory group.

What am I doing wrong, or what is the configuration that I need?

Do I also have to define it in Administration > Identity Management > Identity Source Sequences?
 
8 Replies

paul
Level 10

All portals in ISE use identity source sequences (ISS) to tell them where to authenticate users against. So even if you have one authentication source, you need to define a sequence. If you are just going to use Active Directory, then define an ISS called Active_Directory and assign your AD definition to it. Then assign Active_Directory as the ISS to your sponsor portal.

 

I usually build an ISS called AD_Local and assign Active Directory and Internal Users so I can set up local accounts to test various conditions as needed.

 

 

I did what you said: I assigned the ISS with the AD, and my sponsor portal also defines the ISS, but it still does not authenticate me.

 

In part, must I define the "Sponsor Group"? Because the sponsor group defines which AD group is authenticated in the sponsor?

 

 

You have to assign an AD group to the sponsor groups to get into the Sponsor Portal.

 

 

I am using the default sponsor group, and there I specify the AD group, but in which part of my configuration do I add this group?

You have to add your AD groups into ISE on the Administration->Identity Management->External Identity Sources->Active Directory. Then go to the Groups tab and map in the desired AD groups and then assign the AD groups to the sponsor groups.


 

 

ok, also configure it

Please look at the logs and see what is going on from the steps in the logs.

Also make sure that the authentication policy has MAB first and your MAB authentication results in URL-redirection etc.

Your authorization policy should have the right authorization profile as well to allow guest access.

Finally make sure you change the sponsor portal and add AD under the right group.

Check out the flow in Guest deployment guide. Though this is for latest, some of the workflows are the same.

https://community.cisco.com/t5/security-documents/ise-guest-access-deployment-guide/ta-p/3640475?attachment-id=160597

 

Thanks

Krishnan