https://community.cisco.com/t5/network-access-control/ise1-4-external-admin-access/m-p/3498746#M539380 <HTML><HEAD></HEAD><BODY><P>Hi Team,</P><P></P><P>I was testing multiple scenarios for external (AD) admin access. As per <A href="http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_0110.html" title="http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_0110.html">Cisco Identity Services Engine Administrator Guide, Release 1.4 - Manage Administrators and Admin Access Policies [Cisc…</A></P><P>we have two types of external admin access:</P><P></P><P>1. external authentication and external authorization</P><P>2. external authentication and internal authorization</P><P></P><P>First one is clear for me and works without any problem, but I tried to test second one where we don't need to create RBAC policies for external admin groups. Here the problem comes. I am not able to successfully login unless I create RBAC policy with the <SPAN style="text-decoration: underline;">external</SPAN> identity group as a condition (internal doesn't work). As per the documentation, there is no need to create such policy. I tested this in 1.4 and 2.0 - the same result.</P><P>Did I misunderstand something in the documenation or this is new bug?</P><P></P><P>Thanks,</P><P>Veronika</P></BODY></HTML> Thu, 17 Mar 2016 10:29:20 GMT vchrenek 2016-03-17T10:29:20Z https://community.cisco.com/t5/network-access-control/ise1-4-external-admin-access/m-p/3498746#M539380 <HTML><HEAD></HEAD><BODY><P>Hi Team,</P><P></P><P>I was testing multiple scenarios for external (AD) admin access. As per <A href="http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_0110.html" title="http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_0110.html">Cisco Identity Services Engine Administrator Guide, Release 1.4 - Manage Administrators and Admin Access Policies [Cisc…</A></P><P>we have two types of external admin access:</P><P></P><P>1. external authentication and external authorization</P><P>2. external authentication and internal authorization</P><P></P><P>First one is clear for me and works without any problem, but I tried to test second one where we don't need to create RBAC policies for external admin groups. Here the problem comes. I am not able to successfully login unless I create RBAC policy with the <SPAN style="text-decoration: underline;">external</SPAN> identity group as a condition (internal doesn't work). As per the documentation, there is no need to create such policy. I tested this in 1.4 and 2.0 - the same result.</P><P>Did I misunderstand something in the documenation or this is new bug?</P><P></P><P>Thanks,</P><P>Veronika</P></BODY></HTML> Thu, 17 Mar 2016 10:29:20 GMT https://community.cisco.com/t5/network-access-control/ise1-4-external-admin-access/m-p/3498746#M539380 vchrenek 2016-03-17T10:29:20Z https://community.cisco.com/t5/network-access-control/ise1-4-external-admin-access/m-p/3498747#M539381 <HTML><HEAD></HEAD><BODY><P>Hi Team,</P><P></P><P>Anyone experienced the same issue as me?</P><P></P><P>Thanks,</P><P>Veronika</P></BODY></HTML> Mon, 21 Mar 2016 07:27:52 GMT https://community.cisco.com/t5/network-access-control/ise1-4-external-admin-access/m-p/3498747#M539381 vchrenek 2016-03-21T07:27:52Z https://community.cisco.com/t5/network-access-control/ise1-4-external-admin-access/m-p/3498748#M539382 <HTML><HEAD></HEAD><BODY><P>I believe this is on a customer case. If so, please contact me offline for further discussions.</P><P></P><P>External auth with internal authorization is for token-based authentications, such as using RSA.</P></BODY></HTML> Mon, 21 Mar 2016 19:05:11 GMT https://community.cisco.com/t5/network-access-control/ise1-4-external-admin-access/m-p/3498748#M539382 hslai 2016-03-21T19:05:11Z