Cisco ISE Integration

SecTrail ile Cisco ISE

The compromise of user credentials poses a risk of unauthorized access to accounts. Nowadays, providing additional security measures to solve such issues is possible with the SecTrail authentication server.

In this document, you can find information about two-factor authentication with one-time passwords (SMS, email, SoftOTP) via SecTrail for Cisco ISE.

SecTrail Integration with Cisco ISE

Sectrail - Cisco ISE Flow — Sectrail – Cisco ISE Flow

Credentials are entered on the login screen of Cisco Firepower.
Cisco Firepower sends the information (username and password) to Cisco ISE.
User credentials are sent to SecTrail authentication server via RADIUS request through Cisco ISE.
SecTrail authentication server sends the RADIUS response to Cisco ISE after verifying the user's identity (such as Active Directory, Database, etc.). If the authentication is successful, SecTrail sends a one-time password to the address obtained from the user information in the database (AD, LDAP, Local) via SMS or email. An external SMS proxy or email server is used for sending. If SoftOTP (software token) is used, the password is generated through SecTrail Authenticator mobile application.
Cisco ISE forwards the response to Cisco Firepower, and if the response is successful, Cisco Firepower presents the second screen to the user.
The user enters the one-time password sent via SMS, email or generated by the SecTrail Authenticator mobile app as conveyed by SecTrail
Cisco Firepower sends the one-time password to Cisco ISE, and Cisco ISE forwards it to SecTrail as a RADIUS request.
SecTrail verifies the one-time password, sends the response to Cisco ISE. If the authentication is successful, Cisco ISE authorizes the user and sends the response back to Cisco Firepower.
Cisco Firepower grants access to the user and starts the session.