How to Create a Microsoft Azure Active Directory Realm

This topic discusses the high-level tasks of creating a Microsoft Azure Active Directory (AD) realm for use with the Secure Firewall Management Center.

Procedure

Command or Action | Purpose

Step 1

Enable the Cisco Secure Dynamic Attributes Connector.

The Cisco Secure Dynamic Attributes Connector is required to use a Microsoft Azure AD realm. You can enable it first, or you can enable it when you create the realm.

Step 2

Configure Microsoft Azure AD.

Several configuration tasks are required, including setting up an event hub, giving your application permission to the Microsoft Graph API, and enabling the audit log.

See Configure Microsoft Azure Active Directory.

Step 3

Configure ISE.

The way you configure ISE depends on how users authenticate with your system. For more information, see How to Configure ISE for Microsoft Azure AD.

Step 4

Create an ISE identity source.

The identity source enables ISE to communicate with the Secure Firewall Management Center.

See How to Configure ISE/ISE-PIC for User Control Using a Realm.

Step 5

Get the information required to configure your Microsoft Azure AD realm.

This information includes client and tenant IDs, client secret, and other information stored in Microsoft Azure AD.

Step 6

Configure and verify your realm.

Test the realm's configuration before you start to use it in access control policies.

See Create an Azure AD Realm.

Step 7

Create access control policies and rules using your Microsoft Azure AD realm.

Unlike other types of realms, you do not need to create an identity policy or associate the identity policy with an access control policy.

See Creating a Basic Access Control Policy and Create and Edit Access Control Rules.