History for Realms

Feature

Minimum Management Center

Minimum Threat Defense

Details

Microsoft Azure Active Directory (SAML) realms.

Minimum Management Center: November 8, 2024

Minimum Threat Defense: 7.4.0

You can now use Microsoft Azure Active Directory (AD) realms for active and passive authentication:

  • Active authentication using Azure AD: Use Azure AD as a captive portal.

  • Passive authentication using Cisco ISE (introduced in Version 7.4.0): The management center gets groups from Azure AD and logged-in user session data from ISE.

We use SAML (Security Assertion Markup Language) to establish a trust relationship between a service provider (the devices that handle authentication requests) and an identity provider (Azure AD). For upgraded management centers, existing Azure AD realms are displayed as SAML - Azure AD realms.

Upgrade impact. If you had a Microsoft Azure AD realm configured before the upgrade, it is displayed as a SAML - Azure AD realm configured for passive authentication. All previous user session data is preserved.

New/modified screens: Integration > Other Integrations > Realms > Add Realm > SAML - Azure AD

New/modified CLI commands: none

See: Create a Microsoft Azure AD (SAML) Realm.

Proxy sequences.

Minimum Management Center: Any

Minimum Threat Defense: 7.2.0

Similar to a realm sequence, a proxy sequence is one or more managed devices that can communicate with Cisco Security Cloud Control in the event Cisco Security Cloud Control cannot communicate with the LDAP or Active Directory server.

New/modified screens: Integration > Other Integrations > Realms > Proxy Sequence

Cross-domain trust for Active Directory domains.

Minimum Management Center: Any

Minimum Threat Defense: 7.0.0

A grouping of Microsoft Active Directory (AD) domains that trust each other is commonly referred to as a forest. This trust relationship can enable domains to access each other's resources in different ways. For example, a user account defined in domain A can be marked as a member of a group defined in domain B.

The management center can get users from Active Directory forests for identity rules.

Realm sequences.

Minimum Management Center: Any

Minimum Threat Defense: 6.7.0

A realm sequence is an ordered list of two or more realms to which to apply identity rules. When you associate a realm sequence with an identity policy, the Firepower System searches the Active Directory domains in order from first to last as specified in the realm sequence.

New/modified screens: Integration > Other Integrations > Realms > Realm Sequences

Realms for user control.

Minimum Management Center: Any

Minimum Threat Defense: Any

A realm is a connection between the management center and either an Active Directory or LDAP user repository.