topic Re: ISE Create Policy for Authentication Using Source AD User Allow Li in Network Access Control

ISE Create Policy for Authentication Using Source AD User Allow List?

Lertpaiboon — Wed, 24 Aug 2022 08:19:39 GMT

I want to make a policy authentication for the assigned username list. I pulled the username list from MS Active Directory. I just require the Username that I specify; I do not require any other Usernames.

For example, there are 1000 total usernames in MS Active Directory, but I only require 500 of them, as defined.

----- Allow list For Authen ----
username : Dummy1
username : Dummy21
username : Dummy30
username : Dummy42
username : Dummy82

The remaining usernames cannot be authenticated.

How can policy authentication be created?

Re: ISE Create Policy for Authentication Using Source AD User Allow Li

balaji.bandi — Wed, 24 Aug 2022 08:43:52 GMT

Then I suggest is create a new group and add that 500 users to a new Group and using that group in ISE is the best option I see here.

Re: ISE Create Policy for Authentication Using Source AD User Allow Li

Walker — Wed, 24 Aug 2022 11:40:23 GMT

I am assuming you are using 802.1x for authentication. Are you using certificate authentication? If so, is there any distinct attribute that would identify these 500 users and not the others? Example, AD Groups, OU, or Location?