ISE 2.4 certificate provisioning

Hi guys! 

I'm in the process of deploying ISE 2.4 to our infrastructure. Dot1x with EAP-TLS is already deployed. Everything is deployed in Azure. An important thing to know is the fact that we DO NOT have classic AD, only Azure AD, so no group policies are available. ISE acts as the CA and certificates are being issued over the Certificate Provisioning portal on a per-user basis. The solution itself works fine; however, we're looking for some automation because we want to set up more than 1k users for EAP-TLS instead of MS-CHAPv2. It is not the best idea to make each user generate a certificate manually.

That's why we're looking for a solution which will help us to generate and distribute client certificates. We have plans to connect MS Intune as the MDM solution for device posture. Maybe we can utilize Intune for certificate distribution... I haven't found any documentation so far.

Many thanks for your answer or suggestions! 

Accepted Solutions
Cisco Employee

Re: ISE 2.4 certificate provisioning

ISE has the ability to allow the user to onboard using ISE CA and our BYOD flow. There is also the API for certificate provisioning portal. There is no integration for an external system to use our internal CA although perhaps possible.

MDM providers will also have the ability to onboard devices with certificates and profiles themselves but they use their own CA or perhaps external, not ISE.

Information on Intune integration is under
http://cs.co/ise-guides
