Connecting Cisco ISE 3.0 node to Active Directory


Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: ISE 3.0
Platform: ISE Virtual Appliance, ISE Physical Appliance 

 

Cisco ISE 3.0 AD integration  

  • The ISE node must be added to the domain as a host (computer).
  • The ISE node needs privileges to read the LDAP / AD directory (needed for authentication).
  • A user with privileges to add machines to the domain is required. There are specific cases when the ISE node is added to AD offline.
  • Warning: adding the ISE node manually can lead to a situation where the user provided for ISE External Identity Sources cannot process the join operation if there is a failure (after an upgrade).

 

Step 1 – Add Join Point

To add the ISE node to Active Directory, navigate to the External Identity Sources menu, select “Active Directory”, and add a new Join Point.


 

Step 2 – Connect Node to Active Directory

Then, confirm that you want to join nodes to Active Directory and fill in the domain information.


Step 3 – Confirm the connection

Finally, to confirm the AD join, look for a green “Operational” checkmark in the administration panel.
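The checkmark shows the join from the ISE side; the same result can be checked from the Active Directory side. The PowerShell below is an added example, not part of the original tutorial or of Cisco's tooling. It assumes the RSAT ActiveDirectory module, and the ISE hostname and join account names are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: AD-side check of an ISE join. Both default names are placeholders.
param(
    [string]$IseNodeName = 'ISE-NODE-PLACEHOLDER',      # ISE hostname (assumption)
    [string]$JoinAccount = 'ise-join-user-placeholder'  # user entered in the join dialog (assumption)
)

# 1. The ISE node must exist in the domain as a host (computer) object.
$computer = Get-ADComputer -Filter "Name -eq '$IseNodeName'" `
    -Properties whenCreated, PasswordLastSet, DNSHostName
if (-not $computer) {
    Write-Warning "No computer object named '$IseNodeName' in this domain: join not completed."
} else {
    $computer | Select-Object Name, DNSHostName, Enabled, whenCreated, PasswordLastSet,
        DistinguishedName | Format-List
    if (-not $computer.Enabled) {
        Write-Warning 'The computer object is disabled and cannot authenticate to the domain.'
    }
}

# 2. The join user needs the right to add machines, which does not require admin groups.
#    Escape the DN for use inside an LDAP filter (backslash first, then * ( )).
$user = Get-ADUser -Identity $JoinAccount
$dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
    -replace '\(', '\28' -replace '\)', '\29'

#    1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: it also returns nested groups.
$groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

# English default names of built-in privileged groups (assumption: not renamed or localized).
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
              'Administrators', 'Account Operators'
$hits = @($groups | Where-Object { $privileged -contains $_.Name })

if ($hits.Count -gt 0) {
    $names = $hits.Name -join ', '
    Write-Warning "'$JoinAccount' is in privileged groups: $names. Prefer a dedicated join account."
} else {
    Write-Output "'$JoinAccount' is not in any of the checked privileged groups."
}
```

Run it from a domain-joined management host with read access to the directory, passing the real values with `-IseNodeName` and `-JoinAccount`.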

 

In our previous mini-tutorial, you can also check how to Connect ISE 2.1 Node to Active Directory.

Author: Jaroslaw Banakh
 