
ISE 2.4 certificate provisioning

yurii.chornyi
Level 1

Hi guys! 

I'm in the process of deploying ISE 2.4 to our infrastructure. Dot1x with EAP-TLS is already deployed. Everything is deployed in Azure. An important thing to know is that we DO NOT have classic AD, only Azure AD, so no group policies are available. ISE acts as the CA, and certificates are issued over the Certificate provisioning portal on a per-user basis. The solution itself works fine; however, we're looking for some automation because we want to move more than 1k users to EAP-TLS instead of MS-CHAPv2. It is not the best idea to force each user to generate a certificate manually.

That's why we're looking for a solution which will help us generate and distribute client certificates. We have plans to connect MS Intune as an MDM solution for device posture. Maybe we can utilize Intune for certificate distribution... I haven't found any documentation so far.

Many thanks for your answer or suggestions! 

Accepted Solutions

Jason Kunst
Cisco Employee
ISE has the ability to allow the user to onboard using ISE CA and our BYOD flow. There is also the API for certificate provisioning portal. There is no integration for an external system to use our internal CA although perhaps possible.

MDM providers will also have the ability to onboard devices with certificates and profiles themselves but they use their own CA or perhaps external, not ISE.

Information on Intune integration is under
http://cs.co/ise-guides
