https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315291#M566498 <P>Thanks a lot for your answer.&nbsp;It is regrettable to hear about such shortcomings in a program created for precisely these purposes.</P><P>&nbsp;</P><P>But how about my second question? Can I customize the Mydevice Portal for adding combo-box with select a Endpoint Identity Group?</P> Mon, 29 Mar 2021 04:57:11 GMT vigogne 2021-03-29T04:57:11Z https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4314259#M566438 <P>Tell me please. Is it is possible to create an access policy for the MyDevices portal to allow access only to a certain group in AD?<BR />At the moment, I have done this way:</P><P>In the Identity Source Sequences at MyDevice_Portal_Sequence I left "Internal Users" Identity Source only. Then I added the Network Access User with the same name as in the AD Database and password type as AD Sequence.</P><P>It works, but it is very inconvenient and not flexible.</P><P>&nbsp;</P><P>And second question. How can I modify MyDevices Portal for add in standard form combo-box with selecting endpoint group?</P> Fri, 26 Mar 2021 05:45:04 GMT https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4314259#M566438 vigogne 2021-03-26T05:45:04Z https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315057#M566484 <P>Unfortunately you have stumbled upon an area that has frustrated many. As you found, the RBAC for the My devices portal is non existent, you map AD then everyone has access. This certainly is not an ideal situation for the vast majority of use cases. Compounding the issue, the portal is tied to a specific endpoint ID group, you need a portal per ID group you want to add endpoints in to. Due to this, it's almost always better to build an external portal leveraging the ERS APIs so you can do RBAC and endpoint ID group selction.&nbsp;<BR /><BR />If a portal per identity group doesn't deter you, then you can look at Craig's old guide on adding RBAC to the my devices portal.&nbsp;Craig's document is old, and full of 1.3 screenshots, so it looks different, but it's all still valid.&nbsp;<BR /><A href="https://community.cisco.com/t5/security-documents/ise-sponsor-amp-my-devices-authorization-on-secondary-attributes/ta-p/3641379" target="_blank">https://community.cisco.com/t5/security-documents/ise-sponsor-amp-my-devices-authorization-on-secondary-attributes/ta-p/3641379</A></P> Sun, 28 Mar 2021 00:09:22 GMT https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315057#M566484 Damien Miller 2021-03-28T00:09:22Z https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315291#M566498 <P>Thanks a lot for your answer.&nbsp;It is regrettable to hear about such shortcomings in a program created for precisely these purposes.</P><P>&nbsp;</P><P>But how about my second question? Can I customize the Mydevice Portal for adding combo-box with select a Endpoint Identity Group?</P> Mon, 29 Mar 2021 04:57:11 GMT https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315291#M566498 vigogne 2021-03-29T04:57:11Z https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315676#M566509 <P>It is not possible to add an identity group selection to the built in my devices portal, you need a unique portal per ID group.&nbsp;</P> Mon, 29 Mar 2021 19:54:28 GMT https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315676#M566509 Damien Miller 2021-03-29T19:54:28Z https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315915#M566513 <P>Weird flex, but ok )</P> Tue, 30 Mar 2021 05:50:44 GMT https://community.cisco.com/t5/network-access-control/access-policy-for-mydevices-portal/m-p/4315915#M566513 vigogne 2021-03-30T05:50:44Z