About Azure AD and Cisco ISE with Resource Owner Password Credentials
The following figure summarizes an Azure AD realm with Cisco ISE and resource owner password credentials (ROPC):
With ROPC:
- The user logs in with a user name (or email address) and password using a VPN client like Cisco Secure Client.
- The client ID, client secret, user name, password, and scopes are sent to Azure AD.
- Tokens are sent from Azure AD to Cisco ISE, which sends user sessions to the cloud-delivered Firewall Management Center.
For details about configuring Cisco ISE, see Configure ISE 3.0 REST ID with Azure Active Directory.
Additional resource: Microsoft identity platform and OAuth 2.0 Resource Owner Password Credentials on learn.microsoft.com.
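The token request and response in the flow above, as an added example that is not Cisco's or Microsoft's code. It assumes the Microsoft identity platform v2.0 token endpoint and the OAuth 2.0 password-grant parameter names; the function names are hypothetical and the tenant, client, and user values are constructed.

```python
import json
from urllib.parse import urlencode, parse_qs

# Assumption: Microsoft identity platform v2.0 token endpoint.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SECRET_FIELDS = {"client_secret", "password"}

def build_ropc_request(tenant, client_id, client_secret, username, password, scopes):
    """Return (url, form_body) for the ROPC token request (grant_type=password)."""
    # ROPC works only for work/school accounts, so /common and /consumers are rejected.
    if tenant in ("common", "consumers"):
        raise ValueError("ROPC needs a tenant-specific or 'organizations' endpoint")
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
        "scope": " ".join(scopes),
    }
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def redact(form_body):
    """Return the form fields with secrets masked, safe to write to a log."""
    fields = parse_qs(form_body, keep_blank_values=True)
    return {k: "***" if k in SECRET_FIELDS else v[0] for k, v in fields.items()}

def parse_token_response(status, body):
    """Return the token dict on success; raise on an OAuth error response."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        raise PermissionError(f"{data.get('error')}: {data.get('error_description', '')}")
    missing = {"token_type", "access_token", "expires_in"} - data.keys()
    if missing:
        raise ValueError(f"token response missing {sorted(missing)}")
    return data

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, body = build_ropc_request(
        "contoso.example", "00000000-0000-0000-0000-000000000000",
        "example-secret", "alice@contoso.example", "example-password",
        ["openid", "profile"])
    print("POST", url)
    print(redact(body))
    sample = '{"token_type": "Bearer", "access_token": "eyJ...", "expires_in": 3600}'
    print(parse_token_response(200, sample)["token_type"])
```

Because the user's password and the client secret travel in this request body, any logging of it on the path between the VPN headend, Cisco ISE, and Azure AD should pass through a redaction step like `redact` first.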