Configure the Cisco Defense Orchestrator for Cross-Domain-Trust Step 1: Configure Realms and Directories

This is the first task in a step-by-step procedure that explains how to configure the CDO to recognize Active Directory servers configured in a cross-domain trust relationship, which is an increasingly common configuration for enterprise organizations. For an overview of this sample configuration, see Configure the CDO for Cross-Domain-Trust: The Setup.

Before you begin

You must configure Active Directory servers in a cross-domain trust relationship; see Realms and Trusted Domains for more information.

If you authenticate users with LDAP, you cannot use this procedure.

Procedure


Step 1

Log in to the CDO.

Step 2

Click System (system gear icon) > Integration > Realms.

Step 3

Click Add Realm.

Step 4

Enter the following information to configure forest.example.com.

To set up a realm, configure the required fields and click Test. Make sure the test is successful before you configure the directory.

Note

The Directory Username can be any user in the Active Directory domain; no special permissions are required.

The Interface used to connect to Directory server can be any interface that can connect to the Active Directory server.

Step 5

Proxy is an optional managed device or proxy sequence to communicate with ISE/ISE-PIC if CDO is unable to do so. For example, your CDO might be in a public cloud but the ISE/ISE-PIC server might be on an internal intranet.

Step 6

Click Test and make sure the test succeeds before you continue.

Step 7

Click Configure Groups and Users.

Step 8

If your configuration was successful, a page similar to the following is displayed.

If you configured the realm and directory correctly, you'll see a list of users and groups.

Note

If groups and users were not downloaded, verify the values in the Base DN and Groups DN fields and click Load Groups.

There are other optional configurations available on this page; for more information about them, see Realm Fields and Realm Directory and Synchronize fields.

Step 9

If you made changes on this page or tab pages, click Save.

Step 10

Click System (system gear icon) > Integration > Realms.

Step 11

Click Add Realm.

Step 12

Enter the following information to configure eastforest.example.com.

To set up a realm, configure the required fields and click Test. Make sure the test is successful before you configure groups and users.

Step 13

Click Test and make sure the test succeeds before you continue.

Step 14

Click Configure Groups and Users.

Step 15

If your configuration was successful, a page similar to the following is displayed.

If you configured the realm and directory correctly, you'll see a list of users and groups.
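
The trust prerequisite and the Base DN and Groups DN values mentioned in the Step 8 note can be checked from a domain-joined Windows host before the realms are created. The following PowerShell is an added example, not part of the original procedure; it assumes the ActiveDirectory (RSAT) module is installed, that forest.example.com and eastforest.example.com hold a direct trust with each other, and it uses a hypothetical helper named Get-RealmPrecheck.

```powershell
# Added example: pre-check both domains used in this procedure.
# Assumption: run on a domain-joined host with the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Domain names taken from Steps 4 and 12 of this procedure.
$domains = 'forest.example.com', 'eastforest.example.com'

function Get-RealmPrecheck {   # hypothetical helper name
    param([string]$Domain, [string[]]$Peers)

    # The domain's distinguished name is the broadest usable search base.
    $ad = Get-ADDomain -Server $Domain -ErrorAction Stop

    # Trust objects this domain holds toward the other domain(s) in the list.
    $trusts = Get-ADTrust -Filter * -Server $Domain -ErrorAction Stop |
        Where-Object { $Peers -contains $_.Target }

    # Sample a few groups to confirm the search base actually returns objects.
    $groups = Get-ADGroup -Filter * -SearchBase $ad.DistinguishedName `
        -Server $Domain -ResultSetSize 5 -ErrorAction Stop

    [pscustomobject]@{
        Domain       = $Domain
        Forest       = $ad.Forest
        CandidateDN  = $ad.DistinguishedName
        Trusts       = ($trusts | ForEach-Object { "$($_.Target) [$($_.Direction)]" }) -join '; '
        SampleGroups = ($groups.Name) -join ', '
    }
}

$report = foreach ($d in $domains) {
    try {
        Get-RealmPrecheck -Domain $d -Peers ($domains -ne $d)
    } catch {
        # Unreachable domain controller, DNS failure, or insufficient rights.
        [pscustomobject]@{ Domain = $d; CandidateDN = "ERROR: $($_.Exception.Message)" }
    }
}
$report | Format-List

# Warn when a domain shows no direct trust toward its peer. A trust that exists
# only through a parent domain will not appear here (labelled assumption above).
$report | Where-Object { $_.CandidateDN -notlike 'ERROR*' -and -not $_.Trusts } |
    ForEach-Object { Write-Warning "$($_.Domain): no direct trust to the peer domain found" }
```

An empty SampleGroups value for a domain means the candidate DN returned no groups, which is the same symptom the Step 8 note describes when groups and users are not downloaded.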