About Entra ID and Cisco ISE with Resource Owner Password Credentials
The following figure summarizes an Azure AD (now called Entra ID) realm with Cisco ISE and resource owner password credentials (ROPC):
With ROPC:
- The user logs in with a user name (or email address) and password using a VPN client like Cisco Secure Client.
- The client ID, client secret, user name, password, and scopes are sent to Entra ID.
- Tokens are sent from Entra ID to Cisco ISE, which sends user sessions to the Cloud-Delivered Firewall Management Center.
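The token request and response in the steps above, sketched as an added example (not code from Cisco or from this page). The endpoint format and form field names follow the Microsoft identity platform ROPC documentation. The tenant, client, user, and scope values are constructed, and the function names are hypothetical. Because this request carries the user's password and the client secret, the example also shows masking both before the body reaches a log.

```python
import json
from urllib.parse import urlencode, parse_qsl

# Token endpoint format from the Microsoft identity platform documentation.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Form fields that carry credentials and must never be logged in clear text.
SECRET_FIELDS = {"client_secret", "password"}

def build_ropc_request(tenant, client_id, client_secret, username, password, scopes):
    """Return (url, form_body) for an OAuth 2.0 ROPC token request."""
    form = {
        "grant_type": "password",   # the ROPC grant type
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
        "scope": " ".join(scopes),  # scopes are space-separated
    }
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def redact_for_logging(form_body):
    """Mask the credential-bearing fields before the body is written to a log."""
    pairs = parse_qsl(form_body, keep_blank_values=True)
    return urlencode([(k, "REDACTED" if k in SECRET_FIELDS else v) for k, v in pairs])

def parse_token_response(status, raw_json):
    """Summarize the token endpoint's JSON reply without exposing token values."""
    data = json.loads(raw_json)
    if status == 200 and "access_token" in data:
        return {"ok": True,
                "token_type": data.get("token_type"),
                "expires_in": data.get("expires_in"),
                "has_id_token": "id_token" in data}
    return {"ok": False, "error": data.get("error", "unknown")}

if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    url, body = build_ropc_request("example-tenant", "example-client-id",
                                   "constructed-secret", "alice@example.com",
                                   "constructed-password", ["openid", "profile"])
    print(url)
    print(redact_for_logging(body))
    print(parse_token_response(400, '{"error": "invalid_grant"}'))
```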
For details about configuring Cisco ISE, see Configure ISE 3.0 REST ID with Azure Active Directory.
Additional resource: Microsoft identity platform and OAuth 2.0 Resource Owner Password Credentials on learn.microsoft.com.