Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
422
Views
0
Helpful
2
Replies

USER Information

Go to solution
raymondmf
Level 1
Level 1

‎04-18-2019 09:45 AM

Currently have ISE deployed using EAP-TLS machine certificates. Would like now to be able to see the user information for those machines. Was told ISE-PIC will do that, but I am also told that is not the case as I already am doing EAP-TLS. 

 

Need a little clarification as to whether it means I do need to actually have to authenticate users as well.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎04-22-2019 08:56 PM

Question is why do you want to use ISE-PIC and what is the use case?

 

ISE-PIC is used for Passive authentication using AD agent, syslogs, WMI and a few other ways. if you want active authentication you need ISE. ISE-PIC can gather information from AD but you need to consume this somewhere right?

https://community.cisco.com/t5/security-documents/ise-pic-faq/ta-p/3639377

 

If you want to authenticate user/machine for certificate authentication using EAP-TLS use ISE.

 

Thanks

Krishnan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
paul
Level 10
Level 10

‎04-18-2019 11:04 AM

ISE-PIC is just a stripped down version of ISE. You already are running the full version of ISE.  You have two options:

  1. Change your authentication on the clients to doing computer or user certificates.  Of course this means dealing with user cert enrollment, first time user logon, etc.
  2. Setup passive ID in ISE to scrap user to IP mapping from the domain controllers.
0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎04-22-2019 08:56 PM

Question is why do you want to use ISE-PIC and what is the use case?

 

ISE-PIC is used for Passive authentication using AD agent, syslogs, WMI and a few other ways. if you want active authentication you need ISE. ISE-PIC can gather information from AD but you need to consume this somewhere right?

https://community.cisco.com/t5/security-documents/ise-pic-faq/ta-p/3639377

 

If you want to authenticate user/machine for certificate authentication using EAP-TLS use ISE.

 

Thanks

Krishnan

0 Helpful
Customers Also Viewed These Support Documents