Connecting Cisco ISE 3.0 node to Active Directory

Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: ISE 3.0
Platform: ISE Virtual Appliance, ISE Physical Appliance 

Cisco ISE 3.0 AD integration  

• ISE node must be added to domain as a host (computer) 

• ISE node needs privileges to read LDAP / AD directory (needed for authentication) 
• Need to have a user with privileges to add machines to the domain. There are specific cases when the ISE node is added to AD Offline. 
• Warning: adding ISE manually can lead to a situation where user provided for ISE External Identity Sources does not have to process join operation if there is a fail (after upgrade). 

Step 1 – Add Join Point

To add the ISE node to Active Directory, navigate to the External Identity Sources menu, select “Active Directory”, and add a new Join Point.

Step 2 – Connect Node to Active Directory

Then, confirm that you want to join nodes to Active Directory and fill in the domain information.

Step 3 – Confirm the connection

Finally, to confirm the AD join, look for a green “Operational” checkmark in the administration panel.

In our previous mini-tutorial, you can also check how to Connect ISE 2.1 Node to Active Drectory.