Create a Microsoft Azure AD realm for passive authentication
Create and configure a Microsoft Azure AD (SAML) realm (Azure AD is now called Microsoft Entra ID) for passive authentication with Security Cloud Control.
This configuration enables passive authentication between Microsoft Entra ID and your firewall system: the realm is set up and verified first, then referenced directly from access control policies.
Procedure
Step 1 | Configure Microsoft Entra ID. Several configuration tasks are required, including setting up an event hub, granting your application permission to the Microsoft Graph API, and enabling the audit log. See Configure Microsoft Entra ID for passive authentication. |
Step 2 | Configure Cisco ISE. The way you configure ISE depends on how users authenticate with your system. For more information, see Configure Cisco ISE for Microsoft Azure AD (SAML). |
Step 3 | Create a Cisco ISE identity source. The identity source enables communication between ISE and the Cloud-Delivered Firewall Management Center. |
Step 4 | Get the information required to configure your Microsoft Azure AD realm. This information includes the client ID, the tenant ID, the client secret, and other information stored in Microsoft Entra ID. |
Step 5 | Configure and verify your realm. Create a Microsoft Azure AD (SAML) realm as discussed in Create a Microsoft Azure AD (SAML) realm, and test the realm's configuration before you use it in access control policies. |
Step 6 | Create access control policies and rules using your Microsoft Azure AD (SAML) realm. Unlike other types of realms, you do not need to create an identity policy or associate the identity policy with an access control policy. See Creating a basic access control policy and Create and edit access control rules. |
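The following script is an added example for Step 4 and is not part of the Cisco documentation. It collects the values the realm form asks for (tenant ID, client ID, and the client secret's expiry) with the Azure CLI and sanity-checks them before you paste them into the realm: both IDs must be GUIDs, and a client secret that has already expired will make the realm fail verification in Step 5. It assumes `az` is installed and logged in to the tenant that holds the app registration; the app display name `fmc-passive-auth` is a hypothetical placeholder.

```shell
#!/usr/bin/env bash
# Added example, not Cisco's code. Gathers and checks Azure AD (SAML) realm inputs.
# Assumption: Azure CLI (az) is installed and logged in to the right tenant.
set -eu

# Tenant IDs and client (application) IDs in Entra ID are GUIDs.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Returns 0 if an ISO 8601 UTC expiry ($1) is later than an ISO 8601 UTC "now" ($2).
# Both are reduced to YYYYMMDDhhmmss so a plain integer compare works in any POSIX sh.
credential_valid_at() {
  exp=$(printf '%s' "$1" | tr -cd '0-9' | cut -c1-14)
  now=$(printf '%s' "$2" | tr -cd '0-9' | cut -c1-14)
  [ "$exp" -gt "$now" ]
}

# Collect the realm inputs for the app registration named $1 and report problems.
gather_realm_inputs() {
  app_name="$1"
  now_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)

  tenant_id=$(az account show --query tenantId -o tsv)
  is_guid "$tenant_id" || { echo "tenant ID is not a GUID: $tenant_id" >&2; return 1; }

  app_id=$(az ad app list --display-name "$app_name" --query '[0].appId' -o tsv)
  is_guid "$app_id" || { echo "no app registration named '$app_name'" >&2; return 1; }

  # The secret value itself is only shown at creation time; here we only check
  # that at least one password credential is still unexpired.
  valid=0
  for end in $(az ad app credential list --id "$app_id" --query '[].endDateTime' -o tsv); do
    if credential_valid_at "$end" "$now_utc"; then valid=1; fi
  done
  [ "$valid" -eq 1 ] || { echo "every client secret on $app_id has expired; create a new one" >&2; return 1; }

  printf 'Tenant ID: %s\nClient ID: %s\nClient secret: at least one unexpired secret found\n' \
    "$tenant_id" "$app_id"
}

# Run only when an app name is given, so the functions can also be sourced.
if [ -n "${1:-}" ]; then
  gather_realm_inputs "$1"
fi
```

Run it as `./realm-inputs.sh fmc-passive-auth`. The script deliberately never prints a secret value: Entra ID shows a client secret only once, when it is created, so if every secret has expired the fix is to create a new one and update the realm rather than to try to read the old one back.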