topic RSA on ISE login. in Network Access Control https://community.cisco.com/t5/network-access-control/rsa-on-ise-login/m-p/3500567#M518144 <HTML><HEAD></HEAD><BODY><P>So, I see ISE supports RSA as of 2.1</P><P></P><P>So, I have instructions and such, but was wondering if it works on the login to ISE itself.</P><P></P><P>Basically, I don't need RSA for users into their PC, but for an admin logging into ISE itself.</P></BODY></HTML> Thu, 01 Feb 2018 21:46:15 GMT Dustin Anderson 2018-02-01T21:46:15Z RSA on ISE login. https://community.cisco.com/t5/network-access-control/rsa-on-ise-login/m-p/3500567#M518144 <HTML><HEAD></HEAD><BODY><P>So, I see ISE supports RSA as of 2.1</P><P></P><P>So, I have instructions and such, but was wondering if it works on the login to ISE itself.</P><P></P><P>Basically, I don't need RSA for users into their PC, but for an admin logging into ISE itself.</P></BODY></HTML> Thu, 01 Feb 2018 21:46:15 GMT https://community.cisco.com/t5/network-access-control/rsa-on-ise-login/m-p/3500567#M518144 Dustin Anderson 2018-02-01T21:46:15Z Re: RSA on ISE login. https://community.cisco.com/t5/network-access-control/rsa-on-ise-login/m-p/3500568#M518147 <HTML><HEAD></HEAD><BODY><P>Since Release 1.1.0, <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0101.html#ID766">Administrative Access to Cisco ISE Using an External Identity Store</A><SPAN style="font-size: 10pt;"> is available. Note that </SPAN></P><BLOCKQUOTE><TABLE border="1"><TBODY><TR><TD><SPAN style="margin-top: 12px; margin-bottom: 12px; font-family: inherit; font-size: 10pt; font-style: inherit;">External Authentication and Internal Authorization—The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for <STRONG>RSA SecurID</STRONG> authentication. This method requires you to configure the same username in both the external identity store and the local Cisco ISE database.</SPAN></TD></TR></TBODY></TABLE></BLOCKQUOTE><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">ISE 2.1.0 added <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html#id_19010">Authenticate Internal User Against External Identity Store Password</A></SPAN><SPAN style="font-size: 10pt;"> but CSCvb64350 documented that</SPAN></P><P></P><BLOCKQUOTE><TABLE border="1"><TBODY><TR><TD><SPAN style="color: #58585b; font-size: 10pt; font-family: CiscoSans, Arial, sans-serif;">If an internal user is configured with an external identity store for authentication, while logging in to the ISE Admin portal, the internal user must select the external identity store as the Identity Source. Authentication will fail if Internal Identity Source is selected.</SPAN></TD></TR></TBODY></TABLE></BLOCKQUOTE><P></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">CSCvg68768 is an enhancement for the above caveat.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P></BODY></HTML> Thu, 01 Feb 2018 22:39:10 GMT https://community.cisco.com/t5/network-access-control/rsa-on-ise-login/m-p/3500568#M518147 hslai 2018-02-01T22:39:10Z