Cisco Cisco Identity Services Engine 1.3
3
Configure an authentication policy and select Initial_Scope as the result for all authentications.
Figure 2: Initial_Scope Selected as the Result in Authentication Policy
By performing the above configurations, you created a scope that configures Cisco ISE to search for users in either company’s Active
Directory. Scope allows a network to authenticate against multiple Active Directory infrastructures, even if they are completely
disconnected and/or do not trust each other.
Directory. Scope allows a network to authenticate against multiple Active Directory infrastructures, even if they are completely
disconnected and/or do not trust each other.
Multiple Tenants
Scenario
For a multi-tenant scenario, you have to define the configuration for multiple customers: CompanyA, CompanyB, and CompanyC.
For each customer, you have to do the following:
For each customer, you have to do the following:
• Define independent network device groups.
• Define scopes that identity traffic may efficiently scan through.
• Configure and join independent Active Directory join points.
• Define authentication and authorization policy such that Active Directory identity traffic from these device groups is directed
to these Active Directory join points.
Required Configurations
To provide all the features required above:
22