https://community.cisco.com/t5/network-access-control/passive-id-security-group-tags/m-p/2985275#M37395 <P>I'm looking to replace my CDA with ISE for transparent user auth for our WSA.</P> <P></P> <P>The thing that I'm seeing is when I want to add users and groups to an access policy, I cannot add AD Groups like I can with the CDA setup. I can only use SGT's. &nbsp;That's fine for wireless users who auth with dot1x because I can add the SGT based on AD group.</P> <P></P> <P>For wired users not using dot1x passive ID maps the user to the IP, and If I add the username to the access policy on the WSA it works, however these users don't have a SGT. Is there anyway to add a SGT to an AD group? Or anyway to make a policy on the WSA using an AD group with PassiveID and ISE?</P> Mon, 11 Mar 2019 07:16:09 GMT michaellperrin 2019-03-11T07:16:09Z https://community.cisco.com/t5/network-access-control/passive-id-security-group-tags/m-p/2985275#M37395 <P>I'm looking to replace my CDA with ISE for transparent user auth for our WSA.</P> <P></P> <P>The thing that I'm seeing is when I want to add users and groups to an access policy, I cannot add AD Groups like I can with the CDA setup. I can only use SGT's. &nbsp;That's fine for wireless users who auth with dot1x because I can add the SGT based on AD group.</P> <P></P> <P>For wired users not using dot1x passive ID maps the user to the IP, and If I add the username to the access policy on the WSA it works, however these users don't have a SGT. Is there anyway to add a SGT to an AD group? Or anyway to make a policy on the WSA using an AD group with PassiveID and ISE?</P> Mon, 11 Mar 2019 07:16:09 GMT https://community.cisco.com/t5/network-access-control/passive-id-security-group-tags/m-p/2985275#M37395 michaellperrin 2019-03-11T07:16:09Z https://community.cisco.com/t5/network-access-control/passive-id-security-group-tags/m-p/2985276#M37398 <P>Hello,</P> <P></P> <P>i have same problem, you solved this?</P> <P></P> <P>thanks</P> Wed, 19 Jul 2017 14:22:27 GMT https://community.cisco.com/t5/network-access-control/passive-id-security-group-tags/m-p/2985276#M37398 2017-07-19T14:22:27Z https://community.cisco.com/t5/network-access-control/passive-id-security-group-tags/m-p/2985277#M37399 <P>I heard it's coming to WSA, but not yet supported.</P> <P></P> <P></P> Wed, 19 Jul 2017 14:49:43 GMT https://community.cisco.com/t5/network-access-control/passive-id-security-group-tags/m-p/2985277#M37399 michaellperrin 2017-07-19T14:49:43Z