Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am testing a remote access VPN tunnel-group with certificate + SAML with Entra ID authentication. The login works, but it's not a very "seamless" experience as the Entra ID authentication always prompts for username before the authentication method...
Grasping to straws here, but I'll give it a shot.Got an ASA connection profile that uses SAML authentication with Azure AD for guest accounts in our tenant. Authentication works fine, but I would like to pass the username to Cisco ISE for authorizati...
I have configured the REST ID store with Azure AD, and I am able to synchronize groups from our external directory to ISE.My intention was to use this for AUTHZ of external accounts (guests in our Azure tenant) that authenticate for VPN access throug...
Anyone here successfully used Microsoft’s Power Automate to connect to the Admin API?
I am building a Power App within our tenant that I can use for simple tasks such as reactivation of users when changing phone etc, without having to log in (simpler...
Hi @hslai, you are correct. I actually tried using user.objectid already, but the AUTHZ policy still failed for this. That is why I kept looking for another claim type to be returned that would represent the full "local" UPN (which is the xxx#EXT#@yo...
@hslai, so this had to mature a while before I realized what you were suggesting. I originally thought that you were implying some change in the App ID registration for the ISE <-> ROPC connection, but of course you were suggesting that I should chan...
Thank you for the suggested solution - it got me intrigued to suggest that we could simply use a LUA script to modify the username in such a manner.However, I cannot see that there is a way to apply a LUA script for the tunnel-group or the SAML IdP i...
Thanks for replying. I am familiar with the document, but I don't see how it answers my question. If I'd have to guess I would think you are implying that all REST ID lookups are done with the UPN.Could you elaborate?
