https://community.cisco.com/t5/network-access-control/group-mapping-feature/m-p/3677074#M495872 Hi<BR /><BR />Yes you can do 1 rule in the authorization part. On your condition, you say AD Group OR ISE Identity group.<BR /><BR />Let me know if you need more assistance in creating the rule. Mon, 30 Jul 2018 02:20:03 GMT Francesco Molino 2018-07-30T02:20:03Z https://community.cisco.com/t5/network-access-control/group-mapping-feature/m-p/3676985#M495870 <P>Is it possible to do group mapping in ISE? I was able to do this in ACS and map an external AD group to an identity group when creating an access policy. Which would allow me to create a single authorization policy that would affect both internal and external users. I guess the terminologies might be different but I haven't been able to find anything to point me in the right direction.</P> Sun, 29 Jul 2018 16:54:10 GMT https://community.cisco.com/t5/network-access-control/group-mapping-feature/m-p/3676985#M495870 user1024 2018-07-29T16:54:10Z https://community.cisco.com/t5/network-access-control/group-mapping-feature/m-p/3677008#M495871 <P>With the use of OR in the policy conditions you can still do this just in a little bit different way.&nbsp;</P> <P>&nbsp;</P> <P>What version of ISE are you running? The policy is a bit different between 2.2 and 2.3.</P> Sun, 29 Jul 2018 19:47:13 GMT https://community.cisco.com/t5/network-access-control/group-mapping-feature/m-p/3677008#M495871 Cory Peterson 2018-07-29T19:47:13Z https://community.cisco.com/t5/network-access-control/group-mapping-feature/m-p/3677074#M495872 Hi<BR /><BR />Yes you can do 1 rule in the authorization part. On your condition, you say AD Group OR ISE Identity group.<BR /><BR />Let me know if you need more assistance in creating the rule. Mon, 30 Jul 2018 02:20:03 GMT https://community.cisco.com/t5/network-access-control/group-mapping-feature/m-p/3677074#M495872 Francesco Molino 2018-07-30T02:20:03Z