Folks,
We’ve got a customer who is adopting Azure AD and has operations in several countries.
Their use case includes 802.1X for wired/wireless, VPN and Guest services.
As far as i know, we currently support Azure AD with SAML, which could take care of the Guest Services and VPN part of the request (https://community.cisco.com/t5/security-documents/notes-on-azure-ad-as-saml-idp/ta-p/3644255). However, for 802.1X wired/wireless services, it is my understanding that we officially do not support it yet (https://community.cisco.com/t5/network-access-control/ise-integration-with-azure-ad/td-p/3805022). I’ve seen some notes on the possibility about using LDAPS, but this approach has limitations (ie: PEAP-MSCHAP-v2). Other folks advise to join MS AD directly. It is my understanding that ISE on Public Cloud is on the roadmap as well.
Please, any advise, experiences, ideas, official take on on this or roadmap information is more than welcome.
Thank you.
Regards,
.:|:.:|:. Cristian Venegas | Technical Solutions Architect - Security | +56 (9) 9632 1494 | crvenega@cisco.com
