Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1044
Views
0
Helpful
3
Replies

Can Cisco UCS be configured for SSO and 2-factor authentication..using SAML Integration..?

Beacon Bits
Level 1
Level 1

‎07-01-2021 08:03 AM

Hi everyone,

 

W have Cisco UCS that we login through TACACS using Cisco ACI. This is basic and straight forward setup!

 

I have requirement now to login through SSO as we do for some other devices using Azure SAML integration.

 

I couldn't find any document for UCS SSO login option with SAML integration.

 

Is there any way that we could login UCS > ISE (TACACS) > Azure SAML > Back to ISE > then login successful on UCS?

 

I have done the Cisco ISE integration with the Azure SSO SAML Integration and then on successful login Sponsor portal opens the UCS login page but does not go further in login into the UCS.

 

Am I doing the right way or any document or guideline please anyone?

 

Regards,

B

Labels:
0 Helpful
3 Replies 3

Kirk J
Cisco Employee
Cisco Employee

‎07-02-2021 05:22 AM

UCSM does not support SAML logins.

The 2 factor options are radius and TACACS.

Intersight does support SAML, and you could register your UCSM domain(s) in intersight, and launch UCSM admin UI via intersight.

 

Kirk...

0 Helpful

Beacon Bits
Level 1
Level 1
In response to Kirk J

‎07-02-2021 08:37 AM - edited ‎07-02-2021 08:39 AM

Thanks @Kirk J .

 

UCSM does not support SAML Integration. Correct!

 

But ISE does. So can it possible that ISE get the authentication success token from Azure SSO and give back to ISE and then ISE send login successful to the UCSM.

 

Login into UCSM > it goes to ISE. Then ISE get the authentication successful token and give back to UCS for login

(Not sure if I'm making sense but virtually this is what I'm trying to do)

 

There is also no option for  "SAML id Provider" to be added into "Identity Source Sequence".

0 Helpful

Beacon Bits
Level 1
Level 1

‎07-02-2021 09:17 AM

I have found the answers to some of my own questions as usual:

 

1 - SAML is NOT available for administrative login to ISE.

2 - SAML can only be used for ISE's guest services.

- SAML providers cannot be used within an "Identity Source Sequence"

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking products for a $25 gift card