About rdstoknes

rdstoknes · 02-26-2025

I am testing a remote access VPN tunnel-group with certificate + SAML with Entra ID authentication. The login works, but it's not a very "seamless" experience as the Entra ID authentication always prompts for username before the authentication method...

rdstoknes · 09-29-2023

Grasping to straws here, but I'll give it a shot.Got an ASA connection profile that uses SAML authentication with Azure AD for guest accounts in our tenant. Authentication works fine, but I would like to pass the username to Cisco ISE for authorizati...

rdstoknes · 09-28-2023

I have configured the REST ID store with Azure AD, and I am able to synchronize groups from our external directory to ISE.My intention was to use this for AUTHZ of external accounts (guests in our Azure tenant) that authenticate for VPN access throug...

rdstoknes · 11-28-2020

Anyone here successfully used Microsoft’s Power Automate to connect to the Admin API? I am building a Power App within our tenant that I can use for simple tasks such as reactivation of users when changing phone etc, without having to log in (simpler...

rdstoknes · 10-09-2023

Hi @hslai, you are correct. I actually tried using user.objectid already, but the AUTHZ policy still failed for this. That is why I kept looking for another claim type to be returned that would represent the full "local" UPN (which is the xxx#EXT#@yo...

rdstoknes · 10-08-2023

@hslai, so this had to mature a while before I realized what you were suggesting. I originally thought that you were implying some change in the App ID registration for the ISE <-> ROPC connection, but of course you were suggesting that I should chan...

rdstoknes · 10-07-2023

@hslaithanks for the suggestion. Any suggestion on how to achieve this?

rdstoknes · 10-03-2023

Thank you for the suggested solution - it got me intrigued to suggest that we could simply use a LUA script to modify the username in such a manner.However, I cannot see that there is a way to apply a LUA script for the tunnel-group or the SAML IdP i...

rdstoknes · 09-29-2023

Thanks for replying. I am familiar with the document, but I don't see how it answers my question. If I'd have to guess I would think you are implying that all REST ID lookups are done with the UPN.Could you elaborate?

Member Since	‎04-19-2018 02:53 AM
Date Last Visited	‎04-29-2025 11:19 AM
Posts	14
Total Helpful Votes Received	3

User Statistics

User Activity

ASA remote access VPN - Entra ID SAML with username from certificate

Connection profile - authorization LUA script to change username

Cisco ISE 3.2 REST ID store

Accessing Admin API from Microsoft Power Automate

Re: Cisco ISE 3.2 REST ID store

Re: Cisco ISE 3.2 REST ID store

Re: Cisco ISE 3.2 REST ID store

Re: Connection profile - authorization LUA script to change username

Re: Cisco ISE 3.2 REST ID store