active directory

The video demonstrates Cisco ISE 1.3 capability to integrate with multiple Active Directory forest/domains. We will be joining our ISE deployment to three domains: two participate in two-way trust, and one being untrusted, and try to understand how a user is searched through different domains, and how search scope can be limited. We will also look at feature enhancements such as identity rewrite, user test authentication, diagnostic tool, and scope mode. At the end, we will see how an AD join point appear under Identity Source Sequence.

The video demonstrates Cisco ISE 1.3 capability to integrate with multiple Active Directory forest/domains. We will be joining our ISE deployment to three domains: two participate in two-way trust, and one being untrusted, and try to understand how a user is searched through different domains, and how search scope can be limited. We will also look at feature enhancements such as identity rewrite, user test authentication, diagnostic tool, and scope mode. At the end, we will see how an AD join point appear under Identity Source Sequence.

The video demonstrates how you can leverage user identity information within Cisco ASA FirePower and FireSight System as part of User Network Discovery. We will utilize AD User Agent to obtain user-to-IP mapping, and integrate to Active Directory to obtain user and group information. This information can be used to tie user identity to network traffic as well as including them in Access Control rules for access enforcement

The video demonstrates how you can leverage user identity information within Cisco ASA FirePower and FireSight System as part of User Network Discovery. We will utilize AD User Agent to obtain user-to-IP mapping, and integrate to Active Directory to obtain user and group information. This information can be used to tie user identity to network traffic as well as including them in Access Control rules for access enforcement

The video walks you through an installation of Cisco Context Directory Agent (CDA) server. We will start by prepping a non-domain admin service account for CDA to use to contact Windows Active Directory. We will then step through a virtual machine creation, software installation and patching. We will also spend some time on the CDA web interface. By the end of the lab, we will be able to have CDA monitor user AD login activities and create user-to-IP mapping information that we will leverage in the future videos. 

The video shows you the first method of obtaining user identity on Cisco ASA CX using Active Authentication. We will integrate CX with Windows Active Directory to perform user authentication as well as user group query. We will redo our access policies from the previous lab and replace the source IP subnet with AD user group. This would be our first step towards identity-based access policies and free ourselves from the use of just IP addresses. 

The video shows you the first method of obtaining user identity on Cisco ASA CX using Active Authentication. We will integrate CX with Windows Active Directory to perform user authentication as well as user group query. We will redo our access policies from the previous lab and replace the source IP subnet with AD user group. This would be our first step towards identity-based access policies and free ourselves from the use of just IP addresses. 

• Active Directory Integration
• Active Directory User Group Selection
• Identity Store Sequences

The video demonstrate steps to integrate Cisco ISE with Windows Active Directory to access user information for authentication and authorization. This is very similar to joining a computer to a domain, where ISE will become a domain computer. Once joined, ISE will have access to user attributes particularly information on group membership that is usually heavily used to determine user access privilege. Identity Source Sequence, on the other hand, is a list of Identity Sources in order of preference, which we also look at in this video.