With the enhancements in ISE 3.0 for integrating with Azure AD via SAML IdP, it is now possible to leverage Microsoft Single Sign-On for multiple ISE Portals (for example Sponsor and Guest/BYOD Portals).
At the time of this writing, ISE cannot create more than one SAML Id Provider with the same Azure tenant ID. As such, one cannot create separate Azure AD Enterprise Applications for the different use cases and map them to separate SAML Id Providers in ISE.
In addition, using separate Azure Enterprise Applications mapped to a single SAML IdP results in an error after redirection and login stating "There was a problem accessing the site. Please contact help desk for assistance".
The current workaround is to use a single Azure AD Enterprise Application for both use cases that maps to a single SAML IdP in ISE.
This document provides an example configuration for using Azure AD for SSO login on both the Sponsor and Guest/BYOD Portals.
Cisco recommends that you have knowledge of these topics:
Cisco ISE 3.0
Basic knowledge about SAML SSO deployments
The configuration described in this document is based on Sponsor and BYOD use cases and configurations described in the following documents.