Re: windows single sign on with 802.1x(wireless) -ISE

malel2015 · ‎09-05-2017

Hi,

How it is possible first time logon users able to login with their domain credentials ( wireless dot1x)

What must be done in the ISE

Thanks

agrissimanis · ‎09-06-2017

This would not be a problem for domain credential based authentication (PEAP, etc.), you would not need any specific configuration for the first time logins. Just configure ISE authentication and authorization policies, there are many tutorials on how to do that.

In case of certificate based authentication (EAP-TLS) you wold need to provision certificates beforehand.

This is just a quick answer, there are many potential scenarios, depending on how your environment is set up, what supplicant you are using, etc.

Mohamed Abd Elnaser Mohamed Mohamed Ali · ‎09-09-2017

Hi Male
As agrissimanis mentioned, it is pretty easy but need ISE and Supplicant configuration as summary of what you need:
-AD Integration with Cisco ISE as External Identity Source.
-User / Machine Authentication or both.
-The Authentication Protocol of Choice (PEAP, EAP-FAST, EAP-TLS) Each have its own considerations.
-The use of EAP-Chaining (Applicable only if you choose EAP-FAST)
-Supplicant type (Some considerations are here)
-Supplicant Operating Systems.
-Infrastructure support (PKI for TLS tunnel negotiation, SCCM for Supplicant rollout, AD GPO for Certificate enrolment for Endpoints, etc..)

malel2015 · ‎09-10-2017

Hi,

Thanks for all . But still How my authentication authorization profile look like for the above purpose

any examples ?

Thanks