> For the complete documentation index, see [llms.txt](https://docs.mirketsecurity.com/mirket-help-center/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.mirketsecurity.com/mirket-help-center/mirket-help-center/mirket-on-premise/integrations/cisco-ise-radius-integration.md).

# Cisco ISE RADIUS Integration

## General Overview

This guide explains the configuration of multi-factor authentication (MFA) for Cisco ISE utilizing Mirket as the identity provider. 

Cisco ISE offers various MFA configuration modes. In this integration, we've configured RADIUS authentication with Mirket.

## Preparation Steps

Before proceeding with these procedures, ensure the following:

* You've completed the installation and configuration of the Mirket (go to <mark style="color:blue;">Mirket Installation Steps</mark>).
* Cisco ISE initialization configuration has been completed.

## Configuring Cisco ISE

* Access your Cisco ISE server. Then click on the menu icon positioned on the upper left side.

<figure><img src="/files/yLuNlYKtUk95xqMv34zK" alt=""><figcaption></figcaption></figure>

* Go to **Administration > Identity Management > External Identity Sources**.

<figure><img src="/files/KTh2xQFO1lnWNGJeNnpo" alt=""><figcaption></figcaption></figure>

* Select the **RADIUS Token** and click on the **Add** option.

<figure><img src="/files/7yYYcpIQXF22p3X7o7dJ" alt=""><figcaption></figcaption></figure>

* Enter a name for the RADIUS token identity source in the **Name** field. For this instance, we designated the identity source as MirketGW.

<figure><img src="/files/NGgHuzsDl6b6d0hbzdZd" alt=""><figcaption></figcaption></figure>

* Select the **Connection** tab.
* Input the IP address of the Mirket (Radius Server) in the **Host IP** field, under the **Primary Server** section. For this instance, the IP address stands at **192.168.1.100**.
* Input a shared secret key to communicate with the RADIUS server (Mirket Radius) in the **Shared Secret** field. In Mirket use this same secret key when [configuring a RADIUS client resource](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/rules/radius-rules/radius-clients.md).
* Keep the remaining settings as default values.&#x20;

<figure><img src="/files/TNTNYoELJdkaqAjLKiSf" alt=""><figcaption></figcaption></figure>

* Then click on Submit to save your RADIUS token identity source settings.
* Click on the menu icon positioned in the upper left side and go to **Administration > System > Admin Access > Authentication**.
* Select the **Authentication Method** tab. Then choose the **Password Based** radio box in the **Authentication Type** section.
* Choose the RADIUS token identity source you previously created from the **Identity Source** dropdown list.

<figure><img src="/files/JbCyWXJK0r7OSnSJOaFb" alt=""><figcaption></figcaption></figure>

* Then click on **Save** to confirm settings.

## Configure Mirket

To enable Mirket to receive authentication requests from Cisco ISE, follow these steps:

* Define Cisco ISE as a RADIUS client resource within Mirket.
* Create an authentication policy for the Cisco ISE RADIUS client resource or include it in an existing authentication policy.
* Attach the Cisco ISE resource to the Mirket Radius.

### Add a Cisco ISE as Resource in Mirket with Mirket Raadius Gateway

Before starting, ensure that you have installed Mirket Radius Gateway. To add a Radius Client to the Mirket Radius Gateway, follow these steps:

* First, navigate to the directory `C:\MirketRadius` and open the `config.json` file.&#x20;

<figure><img src="/files/khJnvyWEAXx5jWcEuaAR" alt=""><figcaption></figcaption></figure>

* Fill in the <kbd>gateway</kbd> and <kbd>radiusClientList</kbd> fields according to the provided specifications to ensure accurate and secure network configuration.
  * **samName**: Enter the SAM name of the gateway. In Mirket, user identification is done using the SAM (Security Account Manager) name. This is preferred over the standard username. This username is used for authentication and access controls. Please provide your domain name, such as 'mirket'.
  * **authenticationPort**: Enter the authentication port value you set for the gateway. The default value is 1812.
  * **accountingPort**: Enter the accounting port value you specified for the gateway. The default value is 1813.
  * **gatewayIp**: Enter the IP address of the server where the Mirket is installed.
  * **ipAddress**: Enter the IP address of your firewall.
  * **secretKey**: Enter your secret key. This secret key is used to link your radius client and radius server, so ensure they are identical.

<figure><img src="/files/XXashWhbXtFHLbzzPqP3" alt=""><figcaption></figcaption></figure>

* Once you've made the necessary changes to the config.json file, save and close it. **Note**: You can add multiple RADIUS clients.
* After completing the configuration, restart the 'Mirket Radius Gateway Service'.

<figure><img src="/files/JrQvFsUxyh98qTV1Iq1G" alt=""><figcaption></figcaption></figure>

### User and Group configuration on Mirket&#x20;

To set up multifactor authentication, make sure you have at least one user group in Mirket.

If it is preferred to use a local user, first create a local group and then create a local user and make the user a member of the group.

* [Create a Local Group to add users manually.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-group-configuration.md)
* [Add local Mirket users manually.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-users-configuration.md)

If it is preferred to use LDAP users, the priority LDAP group is created by pulling users from Active Directory or OpenLDAP in Mirket.

* [Create a LDAP group to include LDAP users.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-group-configuration.md)
* [Sync users from an external user database.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-users.md)

### Add a Radius Rules to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).

First, you should follow these steps:

* Select **Rules > Radius Rules**.
* Click on **Add New**.
* Enter a rule name in the **Name** field.
* Enter the rule description in the **Description** field.
* Select the group to which the rule applies from the **Group** dropdown list.
* Select the provider to which the rule applies from the **Provider** dropdown list.
* Select the authorization profile to which the rule applies from the **Authorization** dropdown list.
* Click on **Save** to confirm settings.

<figure><img src="/files/7Uv7QU23e3tky2Pa5LAu" alt=""><figcaption></figcaption></figure>

### Test the Integration

To validate the integration between Mirket MFA and your Cisco ISE, perform authentication using a mobile token on your mobile device. For RADIUS resources, available authentication methods include Approve/Deny authentication.

In this example, we illustrate the use of the Approve/Deny authentication method.

* Go to the Cisco ISE URL in a web browser. Then choose the RADIUS token identity source you created in the[ Configure Cisco ISE ](#configuring-cisco-ise)section from the **Identity Source** dropdown list.

<figure><img src="/files/F0621mbDYjVbTWNQi8Yb" alt=""><figcaption></figcaption></figure>

* Enter your Mirket username in the **Username** field.
* Input your password in the **Password** field.
* Click on **Login**. Then, select the '**Approve**' option(found in the Mirket mobile app) immediately and make sure it doesn't time out.

#### Related Topics

[Radius Clients](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/rules/radius-rules/radius-clients.md)

[Radius Rules](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/rules/radius-rules.md)

[Local Group Configuration](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-group-configuration.md)

[Local Users Configuration](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-users-configuration.md)

[LDAP Group Configuration](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-group-configuration.md)

[LDAP Users](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-users.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.mirketsecurity.com/mirket-help-center/mirket-help-center/mirket-on-premise/integrations/cisco-ise-radius-integration.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.