ISE & Duo Integration

Cisco ISE TME Pavan Gupta explains and demonstrates the many ways that ISE and Duo can be integrated to better secure your network! 00:00 Intro and Agenda 01:10 Zero Trust Network Access with ISE (in the Workplace) and Duo (for the Workforce) 03:37 What is MFA (Multi-Factor Authentication)? 04:51 Duo login process for the Workforce 05:30 ISE for the Workplace 06:00 ISE + Duo Coverage 06:58 ISE & Duo Integration Solution Scenarios 08:45 Protect ISE Admin UI with Duo Authentication Proxy (RADIUS Proxy) 10:38 Demo: ISE Admin UI with Duo MFA 11:27 - Add Users with Active Directory Sync 11:57 - Install & Configure Duo Authentication Proxy 13:53 - Configure AD Domain Controller 14:28 - AD Groups Sync 17:33 - Protect an Application: Cisco ISE RADIUS 19:07 - ISE RADIUS Proxy configuration to Duo 20:50 - duoadmin shadow user for superadmin access 22:39 Duo Single Sign-On with SAML 25:11 Demo: Protect ISE Admin UI with Duo Single Sign-On 28:37 - Active Directory Configuration for SSO 30:58 - Protect an Application: Generic SAML Service Provider 32:18 - Configure Duo as ISE SAML Identity Provider 34:20 - Add Duo Certificate to ISE Trusted Certificates 35:19 - Add Duo SAML Metadata to ISE 35:38 - Map SAML Groups to ISE Admins 37:26 - Login to ISE with Duo SAML SSO 38:15 Protect Network Device Admin Access with ISE and Duo 38:36 Advantages of Using ISE for Device Admin Access 41:05 Slido Questions 44:36 Demo: Network Device Admin Access (TACACS) with ISE & Duo 46:03 - Enable ISE Device Admin (TACACS) Service 46:21 - ISE Network Device Configuration 47:00 - ISE Device Admin Policy Set 48:08 - ISE TACACS Profiles & Command Sets 49:02 - Network Device TACACS Configuration 50:08 - Login to IOS CLI with Duo MFA 50:38 - ISE Device Admin (TACACS) LiveLog & Reports 53:00 Protecting Network Access with Duo 54:55 EAP Flow with ISE & Duo 56:25 Slido Question 57:50 Demo: Network Access with Duo 58:37 - ISE Policy Set 59:11 - Client Supplicant (Cisco Secure Client/AnyConnect NAM) Configuration with EAP-GTC 1:00:00 - Network Access Authentication with Duo 1:00:24 - Review Authentication in ISE 1:01:25 - Review Authentication in Duo 1:02:03 Protecting RA-VPN Access with Duo MFA 1:02:18 - Using Duo Auth Proxy flow 1:03:35 - Using Duo SAML flow 1:05:03 Demo: Protecting RA-VPN Access with Duo Auth Proxy 1:05:23 - ISE RA-VPN Policy Set 1:06:05 - ASA VPN Config 1:08:20 - VPN Client Connection & ISE Logs 1:09:08 Protecting ISE Web Portals Access with Duo MFA 1:09:26 - Duo Auth Proxy flow 1:10:20 - Duo SAML flow 1:11:43 Slide Poll Question 1:13:10 Demo: ISE Web Portals Access with Duo MFA 1:14:06 - with Duo Auth Proxy 1:15:16 - with SAML 1:18:14 Duo Security Compliance Policy with Duo Device Health App 1:20:28 ISE & Duo Compliance Comparison Resources: Duo Auth Proxy Reference: https://duo.com/docs/authproxy-reference ISE Integration Guides - Duo: https://cs.co/ise-guides#Duo Duo with Cisco ISE RADIUS: https://duo.com/docs/ciscoise-radius