The ISE/ISE-PIC Identity Source
You can integrate your Cisco Identity Services Engine (ISE) or ISE Passive Identity Connector (ISE-PIC) deployment with the Firepower System to use ISE/ISE-PIC for passive authentication.
ISE/ISE-PIC is an authoritative identity source, and provides user awareness data for users who authenticate using Active Directory (AD), LDAP, RADIUS, or RSA. Additionally, you can perform user control on Active Directory users. ISE/ISE-PIC does not report failed login attempts or the activity of ISE Guest Services users.
The Firepower System does not support 802.1x machine authentication alongside Active Directory authentication because the system does not associate machine authentication with users. If you use 802.1x active logins, configure ISE to report only 802.1x active logins (both machine and user). That way, a machine login is reported only once to the system.
For more information on Cisco ISE/ISE-PIC, see the Cisco Identity Services Engine Administrator Guide and the Identity Services Engine Passive Identity Connector (ISE-PIC) Installation and Administrator Guide.