Hello,
We have a SDA network with DNAC and ISE.
In this network we have different teams with different AD domain and PKI. (domains do not trust each other)
Users are only sharing same switches in the fabric.
We want to authenticate the endpoints with EAP-TLS.
Each domain computer receives a machine cert for the domain it belongs
Will ISE be able to check the machine certificate against each CA and then check for a group in the corresponding AD?
Can I have only 1 Identity Source Sequence with all the Active Directory to acheive this?
Are there some restrictions or any caveats?
Thanks