How to Create a Microsoft Azure AD Realm
This topic discusses the high-level tasks of creating a realm for passive authentication use with the Cisco Defense Orchestrator.
Procedure
| Command or Action | Purpose | |
|---|---|---|
Step 1 | Enable the Cisco Secure Dynamic Attributes Connector. | The Cisco Secure
Dynamic Attributes Connector is required to use a realm. You can do it first or you can enable it when you create the realm. . |
Step 2 | Configure Microsoft Azure AD. | Several configuration tasks are required, including setting up an event hub, giving your application permission to the Microsoft Graph API, and enabling the audit log. |
Step 3 | Configure Cisco ISE. | The way you configure ISE depends on how users authenticate with your system. For more information, see How to Configure ISE for Microsoft Azure AD. |
Step 4 | Create a Cisco ISE identity source. | The identity source enables ISE to communicate with the Secure Firewall Management Center. |
Step 5 | Get the information required to configure your Microsoft Azure AD realm. | This information includes client and tenant IDs, client secret, and other information store in Microsoft Azure AD. |
Step 6 | Configure and verify your realm. | Test the realm's configuration before you start to use it in access control policies. |
Step 7 | Create access control policies and rules using your Microsoft Azure AD (SAML) realm. | Unlike other types of realms, you do not need to create an identity policy or associate the identity policy with an access control policy. See Creating a Basic Access Control Policy and Create and Edit Access Control Rules. |
What to do next
See About Azure AD and Cisco ISE with Resource Owned Password Credentials.