06-26-2019 11:23 AM
Hello,
I have a customer that has asked whether we can add two-factor authentication to the Admin Access side of ISE via OKTA as a SAML provider. I have only ever configured this with native AD integration based on a security group.
Does anyone have any idea if the Admin Access (access to the ISE GUI) can be integrated with OKTA?
The ISE 2.6 guide mentions only some of the actual portals for end users, not administrators.
Thanks!
解決済! 解決策の投稿を見る。
06-26-2019 05:39 PM
No, not currently. SAML is only supported for Guest, Mydevices, Sponsor, and Certificate provisioning portal.
06-26-2019 05:39 PM
No, not currently. SAML is only supported for Guest, Mydevices, Sponsor, and Certificate provisioning portal.
06-30-2019 05:52 AM
Thanks! Is there any way to do multi-factor authentication for Admin Access?
06-30-2019 07:43 AM
@jordanburnett wrote:
... Is there any way to do multi-factor authentication for Admin Access?
Yes, MFA does not require SAML. See an example how it can be done at Solved: MFA for ISE admin access? - Cisco Community
10-16-2023 09:59 AM
Does anyone know if this has changed by chance? It has been 4 years. I was hoping with could do SAML for the admin portal of ISE 3.3
10-16-2023 02:22 PM
Yes, SAML is supported for authentication of the Admin GUI. See this example and see if you can tweak it for your use case.
Configure ISE 3.1 ISE GUI Admin Log in Flow via SAML SSO Integration with Azure AD
10-16-2023 04:21 PM
Thank you! I will note that I had to deviate from the instructions under the sections 7. Configure Active Directory Group Attribute and Step 4. Configure SAML Groups on ISE. Under 7. Configure Active Directory Group Attribute, instead of giving the group claim a custom name, I had to leave the claim name for groups as the default, http://schemas.microsoft.com/ws/2008/06/identity/claims/groups, and then under Step 4. Configure SAML Groups on ISE, for the group membership attribute, instead of just putting "groups", I had to put http://schemas.microsoft.com/ws/2008/06/identity/claims/groups and then the group mapping worked.
11-07-2024 10:26 AM 11-07-2024 10:33 AM 更新
Hi Jmorton1-
Edit: Sorry Re-read and saw you are probably using Azure AD and not another SAML provider.
エキスパートの回答、ステップバイステップガイド、最新のトピックなどお気に入りのアイデアを見つけたら、あとで参照できるように保存しましょう。
コミュニティは初めてですか?これらのヒントを活用してスタートしましょう。 コミュニティの活用方法 新メンバーガイド