https://community.cisco.com/t5/network-access-control/apply-sgt-based-on-policyid-group/m-p/3499156#M521158 <HTML><HEAD></HEAD><BODY><P>CDA and ISE Passive ID cannot assign an SGT today without a RADIUS authorization.&nbsp; External solutions can still leverage AD group info sent in log or pxGrid updates.</P></BODY></HTML> Tue, 03 Oct 2017 13:31:34 GMT Craig Hyps 2017-10-03T13:31:34Z https://community.cisco.com/t5/network-access-control/apply-sgt-based-on-policyid-group/m-p/3499155#M521151 <HTML><HEAD></HEAD><BODY><P>We have ISE 2.3 up to replace CDA for our WSA solution.&nbsp; PassiveID is working and pulling all user&lt;&gt;IP mappings and seeing the groups.&nbsp; We need to apply our created SGTs solely based on the PassiveID / AD groups from the users and are not having any luck.&nbsp; We've seen some documentation for older ISE versions but cannot recreate it in 2.3 with Policy Sets on.</P></BODY></HTML> Sun, 01 Oct 2017 14:35:21 GMT https://community.cisco.com/t5/network-access-control/apply-sgt-based-on-policyid-group/m-p/3499155#M521151 blroberts2 2017-10-01T14:35:21Z https://community.cisco.com/t5/network-access-control/apply-sgt-based-on-policyid-group/m-p/3499156#M521158 <HTML><HEAD></HEAD><BODY><P>CDA and ISE Passive ID cannot assign an SGT today without a RADIUS authorization.&nbsp; External solutions can still leverage AD group info sent in log or pxGrid updates.</P></BODY></HTML> Tue, 03 Oct 2017 13:31:34 GMT https://community.cisco.com/t5/network-access-control/apply-sgt-based-on-policyid-group/m-p/3499156#M521158 Craig Hyps 2017-10-03T13:31:34Z