topic Sure, we commonly use EAP in Network Access Control https://community.cisco.com/t5/network-access-control/ise-policy-set-machine-user/m-p/2671377#M55346 <P>Sure, we commonly use EAP chaining to address this use case. Please see "<A href="http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-82_Deploy_EAP_Chaining.pdf" style="color: rgb(102, 51, 153); font-family: arial, helvetica, sans-serif; font-size: 11px; line-height: normal;" target="_blank">HowTo: EAP Chaining Deployment Configurations</A>" on the ISE Design Guide page.&nbsp;</P><P>Specifically see the section beginning on page 15 which describes:</P><P style="margin-left: 40px;">In this example, these rules will be defined based on the EAP-Chaining results:</P><P style="margin-left: 80px;">• If both user and machine both succeeded</P><P style="margin-left: 80px;">• If user succeeded and machine failed</P><P style="margin-left: 80px;">• No chaining is supported</P> Sun, 31 May 2015 17:39:49 GMT Marvin Rhoads 2015-05-31T17:39:49Z ISE policy set (Machine+user) https://community.cisco.com/t5/network-access-control/ise-policy-set-machine-user/m-p/2671376#M55345 <P>Is there any way to create authorization rule that combine both machine and user identity groups in one rule?</P><P>for example, authorization profile match only if computer in external identity X and username in external identity group Y.</P> Mon, 11 Mar 2019 05:46:02 GMT https://community.cisco.com/t5/network-access-control/ise-policy-set-machine-user/m-p/2671376#M55345 ibrahim_hassan 2019-03-11T05:46:02Z Sure, we commonly use EAP https://community.cisco.com/t5/network-access-control/ise-policy-set-machine-user/m-p/2671377#M55346 <P>Sure, we commonly use EAP chaining to address this use case. Please see "<A href="http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-82_Deploy_EAP_Chaining.pdf" style="color: rgb(102, 51, 153); font-family: arial, helvetica, sans-serif; font-size: 11px; line-height: normal;" target="_blank">HowTo: EAP Chaining Deployment Configurations</A>" on the ISE Design Guide page.&nbsp;</P><P>Specifically see the section beginning on page 15 which describes:</P><P style="margin-left: 40px;">In this example, these rules will be defined based on the EAP-Chaining results:</P><P style="margin-left: 80px;">• If both user and machine both succeeded</P><P style="margin-left: 80px;">• If user succeeded and machine failed</P><P style="margin-left: 80px;">• No chaining is supported</P> Sun, 31 May 2015 17:39:49 GMT https://community.cisco.com/t5/network-access-control/ise-policy-set-machine-user/m-p/2671377#M55346 Marvin Rhoads 2015-05-31T17:39:49Z