07-01-2021 08:03 AM
Hi everyone,
We have Cisco UCS that we log in to through TACACS using Cisco ACI. This is a basic and straightforward setup!
I have a requirement now to log in through SSO as we do for some other devices using Azure SAML integration.
I couldn't find any document for UCS SSO login option with SAML integration.
Is there any way that we could login UCS > ISE (TACACS) > Azure SAML > Back to ISE > then login successful on UCS?
I have done the Cisco ISE integration with the Azure SSO SAML integration, and then on successful login the Sponsor portal opens the UCS login page but does not go any further in logging in to the UCS.
Am I doing this the right way? Does anyone have a document or guideline, please?
Regards,
B
07-02-2021 05:22 AM
UCSM does not support SAML logins.
The 2-factor options are RADIUS and TACACS.
Intersight does support SAML, and you could register your UCSM domain(s) in Intersight, and launch the UCSM admin UI via Intersight.
Kirk...
07-02-2021 08:37 AM - edited 07-02-2021 08:39 AM
Thanks @Kirk J.
UCSM does not support SAML integration. Correct!
But ISE does. So is it possible that ISE gets the authentication success token from Azure SSO and gives it back to ISE, and then ISE sends login successful to the UCSM?
Log in to UCSM > it goes to ISE. Then ISE gets the authentication successful token and gives it back to UCS for login.
(Not sure if I'm making sense but virtually this is what I'm trying to do)
There is also no option for "SAML id Provider" to be added into "Identity Source Sequence".
07-02-2021 09:17 AM
I have found the answers to some of my own questions as usual:
1 - SAML is NOT available for administrative login to ISE.
2 - SAML can only be used for ISE's guest services.
3 - SAML providers cannot be used within an "Identity Source Sequence".