Mirket Help Center
  • Mirket Help Center
    • End User License Agreement
    • Privacy Policy
    • Mirket On Premise
      • Mirket Installation
        • Mirket MFA Installation Requirements
        • Mirket Installation Steps
      • Mirket Admin Panel
        • Dashboard
        • Admin Accounts Configuration
        • User Management
          • Local Users Configuration
          • Local Group Configuration
          • Ldap Users
          • LDAP Group Configuration
        • Rules
          • Radius Rules
            • Radius Clients
            • Radius Rules
            • Authorization Profiles
          • RDP Rules
          • OWA Rules
          • API Rules
            • API Docs
        • Providers
          • Approve / Deny
          • Mirket OTP
          • TOTP
          • SMS Providers
          • Pauth
          • Pauth or Approve/Deny
          • Bypass
        • Logging
          • Radius Logging
          • RDP Logging
          • OWA Logging
          • API Logging
        • Reports
        • Settings
          • General Settings
          • Syslog Settings
          • Notification Settings
          • License
        • Mirket Upgrade Process
      • Mirket Agents
        • Mirket RDP Agent
        • Mirket OWA Agent
      • Mirket MFA App
      • Integrations
        • Array Networks SSL VPN Integration
        • Barracuda CloudGen Firewall Integration
        • Citrix Integration
        • Cisco ASA Integration
        • Cisco ISE RADIUS Integration
        • Checkpoint SSL VPN Integration
        • CyberArk Integration
        • Dell SonicWall Network Security Appliance Integration
        • Fortigate MFA for admin accounts
        • Fortigate SSL VPN Integration
        • F5 integration
        • Ivanti Pulse Secure Connect Integration
        • Palo Alto MFA for admin accounts
        • Palo Alto SSL VPN Integration
        • Sophos SSL VPN Integration
        • Watchguard SSL VPN Integration
        • Ubuntu Server 22.0.4 SSH connections
        • XLOG Integration
        • VMware Horizon 8 RADIUS Integration
      • Knowledge Base
        • User not found on logs even user exist
        • Global Protect authentication happened two time while using RADIUS
        • User is not withdrawn from LDAP.
        • Fortigate SSL VPN timeout
        • Provider not found error
        • How to install SSL certificate to Mirket
        • Can a Palo Alto be set up to forward client IP addresses to Mirket?
        • SMS not sent to the phone number
      • Release Notes
        • Mirket Version 4.1.2
        • Mirket Version 4.0.6
        • Mirket Version 4.0.0
        • Mirket Version 3.9.2
    • Mirket SAAS Platform
      • Mirket Gateways Installation Requirements
      • Mirket Portal
        • Dashboard
        • Administration
        • Users
          • LDAP Users
          • Local Users
        • Groups
        • External Sources
          • Active Directory
          • Entra ID (Azure AD)
        • Authentication
          • Radius Rules
          • Proxy Rules
          • OWA Rules
          • ADFS
            • ADFS Management
            • ADFS Agent
          • Custom API
          • OS Logon
            • OS Logon Management
            • OS Logon Agent
        • User Portal
          • User Portal Management
          • User Portal Login Page
          • User Portal Dashboard
        • Connector
          • Radius Gateways
          • LDAP Gateways
          • Proxy Gateways
        • SMS Providers
        • Settings
          • General Settings
          • Syslog
          • Attribute Profiles
      • Monitor
        • Audit Logs
        • Radius Logs
        • Proxy Logs
        • OWA Logs
        • User Portal
        • ADFS Logs
        • OS Logon Logs
      • Mirket Mobile App
      • Integrations
        • Array Networks SSL VPN Integration
        • Barracuda CloudGen Firewall Integration
        • Citrix Integration
        • Cisco ASA Integration
        • Cisco ISE RADIUS Integration
        • Checkpoint SSL VPN Integration
        • CyberArk Integration
        • Dell SonicWall Network Security Appliance Integration
        • Fortigate MFA for admin accounts
        • Fortigate SSL VPN Integration
        • F5 integration
        • Ivanti Pulse Secure Connect Integration
        • Palo Alto MFA for admin accounts
        • Palo Alto SSL VPN Integration
        • Sophos SSL VPN Integration
        • Watchguard SSL VPN Integration
        • Ubuntu Server 22.0.4 SSH connections
        • XLOG Integration
        • VMware Horizon 8 RADIUS Integration
      • Knowledge Base
      • Release Notes
Powered by GitBook
On this page
  • General Overview
  • Preparation Steps
  • Configuring Cisco ISE
  • Configure Mirket
  • Add a Cisco ISE as Resource in Mirket with Mirket Raadius Gateway
  • User and Group configuration on Mirket
  • Add a Radius Rules to Mirket
  • Test the Integration
  1. Mirket Help Center
  2. Mirket On Premise
  3. Integrations

Cisco ISE RADIUS Integration

PreviousCisco ASA IntegrationNextCheckpoint SSL VPN Integration

Last updated 1 month ago

General Overview

This guide explains the configuration of multi-factor authentication (MFA) for Cisco ISE utilizing Mirket as the identity provider.

Cisco ISE offers various MFA configuration modes. In this integration, we've configured RADIUS authentication with Mirket.

Preparation Steps

Before proceeding with these procedures, ensure the following:

  • You've completed the installation and configuration of the Mirket (go to Mirket Installation Steps).

  • Cisco ISE initialization configuration has been completed.

Configuring Cisco ISE

  • Access your Cisco ISE server. Then click on the menu icon positioned on the upper left side.

  • Go to Administration > Identity Management > External Identity Sources.

  • Select the RADIUS Token and click on the Add option.

  • Enter a name for the RADIUS token identity source in the Name field. For this instance, we designated the identity source as MirketGW.

  • Select the Connection tab.

  • Input the IP address of the Mirket (Radius Server) in the Host IP field, under the Primary Server section. For this instance, the IP address stands at 192.168.1.100.

  • Input a shared secret key to communicate with the RADIUS server (Mirket Radius) in the Shared Secret field. In Mirket use this same secret key when configuring a RADIUS client resource.

  • Keep the remaining settings as default values.

  • Then click on Submit to save your RADIUS token identity source settings.

  • Click on the menu icon positioned in the upper left side and go to Administration > System > Admin Access > Authentication.

  • Select the Authentication Method tab. Then choose the Password Based radio box in the Authentication Type section.

  • Choose the RADIUS token identity source you previously created from the Identity Source dropdown list.

  • Then click on Save to confirm settings.

Configure Mirket

To enable Mirket to receive authentication requests from Cisco ISE, follow these steps:

  • Define Cisco ISE as a RADIUS client resource within Mirket.

  • Create an authentication policy for the Cisco ISE RADIUS client resource or include it in an existing authentication policy.

  • Attach the Cisco ISE resource to the Mirket Radius.

Add a Cisco ISE as Resource in Mirket with Mirket Raadius Gateway

Before starting, ensure that you have installed Mirket Radius Gateway. To add a Radius Client to the Mirket Radius Gateway, follow these steps:

  • First, navigate to the directory C:\MirketRadius and open the config.json file.

  • Fill in the gateway and radiusClientList fields according to the provided specifications to ensure accurate and secure network configuration.

    • samName: Enter the SAM name of the gateway. In Mirket, user identification is done using the SAM (Security Account Manager) name. This is preferred over the standard username. This username is used for authentication and access controls. Please provide your domain name, such as 'mirket'.

    • authenticationPort: Enter the authentication port value you set for the gateway. The default value is 1812.

    • accountingPort: Enter the accounting port value you specified for the gateway. The default value is 1813.

    • gatewayIp: Enter the IP address of the server where the Mirket is installed.

    • ipAddress: Enter the IP address of your firewall.

    • secretKey: Enter your secret key. This secret key is used to link your radius client and radius server, so ensure they are identical.

  • Once you've made the necessary changes to the config.json file, save and close it. Note: You can add multiple RADIUS clients.

  • After completing the configuration, restart the 'Mirket Radius Gateway Service'.

User and Group configuration on Mirket

To set up multifactor authentication, make sure you have at least one user group in Mirket.

If it is preferred to use a local user, first create a local group and then create a local user and make the user a member of the group.

  • Create a Local Group to add users manually.

  • Add local Mirket users manually.

If it is preferred to use LDAP users, the priority LDAP group is created by pulling users from Active Directory or OpenLDAP in Mirket.

  • Create a LDAP group to include LDAP users.

  • Sync users from an external user database.

Add a Radius Rules to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).

First, you should follow these steps:

  • Select Rules > Radius Rules.

  • Click on Add New.

  • Enter a rule name in the Name field.

  • Enter the rule description in the Description field.

  • Select the group to which the rule applies from the Group dropdown list.

  • Select the provider to which the rule applies from the Provider dropdown list.

  • Select the authorization profile to which the rule applies from the Authorization dropdown list.

  • Click on Save to confirm settings.

Test the Integration

To validate the integration between Mirket MFA and your Cisco ISE, perform authentication using a mobile token on your mobile device. For RADIUS resources, available authentication methods include Approve/Deny authentication.

In this example, we illustrate the use of the Approve/Deny authentication method.

  • Go to the Cisco ISE URL in a web browser. Then choose the RADIUS token identity source you created in the Configure Cisco ISE section from the Identity Source dropdown list.

  • Enter your Mirket username in the Username field.

  • Input your password in the Password field.

  • Click on Login. Then, select the 'Approve' option(found in the Mirket mobile app) immediately and make sure it doesn't time out.

Related Topics

Radius Clients

Radius Rules

Local Group Configuration

Local Users Configuration

LDAP Group Configuration

LDAP Users