How to Create a Microsoft Azure AD Realm for Passive Authentication
This topic summarizes the high-level tasks for creating a Microsoft Azure AD (SAML) realm for passive authentication with Cisco Security Cloud Control.
Procedure
Command or Action | Purpose
---|---
Step 1 | Enable the Cisco Secure Dynamic Attributes Connector. | The Cisco Secure Dynamic Attributes Connector is required to use a realm. You can enable it first, or you can enable it when you create the realm. |
Step 2 | Configure Microsoft Azure AD. | Several configuration tasks are required, including setting up an event hub, giving your application permission to the Microsoft Graph API, and enabling the audit log. See Configure Microsoft Azure Active Directory for Passive Authentication. |
Step 3 | Configure Cisco ISE. | The way you configure ISE depends on how users authenticate with your system. For more information, see How to Configure ISE for Microsoft Azure AD (SAML). |
Step 4 | Create a Cisco ISE identity source. | The identity source enables ISE to communicate with the Secure Firewall Management Center. |
Step 5 | Get the information required to configure your Microsoft Azure AD realm. | This information includes the client ID, tenant ID, client secret, and other values stored in Microsoft Azure AD. |
Step 6 | Configure and verify your realm. | Create a Microsoft Azure AD (SAML) realm as discussed in Create a Microsoft Azure AD (SAML) Realm. Test the realm's configuration before you start to use it in access control policies. |
Step 7 | Create access control policies and rules using your Microsoft Azure AD (SAML) realm. | Unlike other types of realms, you do not need to create an identity policy or associate the identity policy with an access control policy. See Creating a Basic Access Control Policy and Create and Edit Access Control Rules. |
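Before you paste the tenant ID, client ID, and client secret from Step 5 into the realm, it is worth confirming that the three values actually work together and that the application registration carries the Microsoft Graph application permissions you granted in Step 2. The following preflight script is an added example; it is not part of this Cisco topic or of any Cisco product. It requests an app-only token with the OAuth 2.0 client-credentials grant against the Microsoft identity platform v2.0 endpoint, decodes the token's `roles` claim (where Graph application permissions appear), and reports which required permissions are missing. The permission names `User.Read.All`, `Group.Read.All`, and `AuditLog.Read.All` are real Graph application permissions but are used here only as placeholders; substitute the set the Cisco configuration topic for Azure AD lists. The sample token and the environment-variable names are constructed for the example.

```python
"""Preflight check for the Azure AD values a realm needs (tenant ID, client ID,
client secret). Added example, not Cisco code. Verifies that the values yield a
Microsoft Graph app-only token and that the token carries the expected roles."""
import base64
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

GRAPH_SCOPE = "https://graph.microsoft.com/.default"

# Placeholder set; replace with the permissions the Cisco Azure AD topic requires.
REQUIRED_ROLES = {"User.Read.All", "Group.Read.All", "AuditLog.Read.All"}

# AADSTS codes the identity platform puts in error_description for the usual mistakes.
KNOWN_ERRORS = {
    "AADSTS7000215": "client secret is wrong or expired",
    "AADSTS700016": "client (application) ID is not registered in this tenant",
    "AADSTS90002": "tenant ID or domain does not exist",
}


def token_endpoint(tenant_id):
    """v2.0 token endpoint for the tenant on the Microsoft identity platform."""
    return "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % tenant_id


def token_request_body(client_id, client_secret):
    """Form body for the client-credentials grant. The .default scope asks for
    every application permission an admin has already consented to."""
    return urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode()


def decode_jwt_payload(token):
    """Decode the payload of a compact JWT without verifying the signature.
    That is fine for a configuration check; never use this for a trust decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(claims, required):
    """Graph application permissions show up in the `roles` claim of an app-only token."""
    return set(required) - set(claims.get("roles", []))


def classify_error(error_description):
    """Map the AADSTS code in an error response to a plain-language cause."""
    for code, meaning in KNOWN_ERRORS.items():
        if code in error_description:
            return meaning
    return "unrecognized error; read error_description"


def fetch_token(tenant_id, client_id, client_secret, timeout=15):
    """Perform the token request; on failure, explain which of the three values is wrong."""
    req = urllib.request.Request(
        token_endpoint(tenant_id),
        data=token_request_body(client_id, client_secret),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)["access_token"]
    except urllib.error.HTTPError as exc:
        body = json.loads(exc.read() or b"{}")
        raise SystemExit("token request failed: " + classify_error(body.get("error_description", "")))


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed sample token (unsigned) showing the claim layout the check inspects.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All", "Group.Read.All"]}),
    "c2lnbmF0dXJl",  # placeholder signature; never verified here
])


if __name__ == "__main__":
    # Environment-variable names are an assumption of this example.
    token = fetch_token(os.environ["AZURE_TENANT_ID"], os.environ["AZURE_CLIENT_ID"],
                        os.environ["AZURE_CLIENT_SECRET"])
    gap = missing_roles(decode_jwt_payload(token), REQUIRED_ROLES)
    if gap:
        sys.exit("missing Graph application permissions (grant admin consent): %s" % sorted(gap))
    print("tenant, client ID, client secret and Graph roles look correct")
```

A permission that was added to the app registration but not admin-consented does not appear in `roles`, which is the most common reason a realm fails to sync users even though the token request itself succeeds. Run the script from a host that can reach `login.microsoftonline.com`, and keep the secret in the environment rather than on the command line.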
What to do next
See About Azure AD and Cisco ISE with Resource Owner Password Credentials.