Access-Manager and Entra External ID ?

thomasthomsen
Kind of a big deal

Customer wants to have all their students in an Entra External ID, so they can set up the students, as a username, with their own current private email address, like somethingsomething@yahoo.com or whatever email you might privately have.

 

This would provide them with some better support options when the students use the school's Microsoft products (as far as I understand).


But can you do EAP-TTLS with those users on Access-Manager?
I do not think it is possible to do this kind of "authentication" using Access-Manager, or ISE for that matter, towards an Entra External ID. - But does anyone know for sure?

Currently, as a test, we have set up Access-Manager towards this "Entra External ID", and I do get all the groups and users listed when I do a sync. But I can never connect.

Access-manager just says "Failure/ Rejection info: Reason : An unexpected server error occurred." - That does not help a lot 🙂

 

And logs from the "Entra External ID" side? - Well, said like Nate Bargatze's George Washington on SNL - "nobody knows".

But as mentioned, does anyone know if this is possible, and what could I be missing?

Thanks

Thomas

Ryan_Miles
Meraki Employee All-Star

Deleted

thomasthomsen
Kind of a big deal

Yeah, that's the guide we usually follow. - So you would be accurate in "that's what we are describing".
And it of course works other places where we have set up Access-Manager towards Entra (no-External) ID.
But have you set this up in your lab for Entra External ID or just Entra ID?
https://learn.microsoft.com/en-us/entra/external-id/external-identities-overview


I think, from what I have been able to gather, that there is something about sending an unencrypted password (inside the EAP) to the Entra External ID that is not allowed (a Microsoft thing?) .. or something to that fact.

No, I have not created a support case on this, I unfortunately do not have the time (in this case). - Sorry.

Ryan_Miles
Meraki Employee All-Star

Ah, didn't notice the Entra External ID part. Don't think that is supported currently. 

thomasthomsen
Kind of a big deal

Yeah ... And I don't think that is supported on ISE either (and that would have been my first choice for authentication "engine", so to speak).
At least I cannot find any information on it regarding Cisco ISE (or for that matter Aruba Clearpass, so .... ).

rhbirkelund
Kind of a big deal

Access Manager is not supported with Entra External ID. 

 

We had a customer who'd been looking into this, and according to Cisco, it is not supported.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
thomasthomsen
Kind of a big deal

Yeah and I think ISE is the same thing. As far as I know. 😕
