topic Re: ISE Authorization Flow in Network Security

ISE Authorization Flow

naoki_Japan — Mon, 27 Sep 2021 09:01:55 GMT

I watched vide to learn how install the combination of machine and user authentication (dot1x) using ISE and AD.

And there is one things I am wandering regarding authorization flow.

In that video, he created two authorization (for machine authentication and for user authentication).

I do not understand why more than one authorization flows are processed.

Re: ISE Authorization Flow

Rob Ingram — Mon, 27 Sep 2021 09:12:15 GMT

Hi@naoki_Japan

The authorisation settings for the computer and the user are separate because different settings maybe applied. For example when the computer is booting up and is authenticated/authorised via ISE, you may wish to apply an DACL or SGT to limit the computer access to only AD Domain Controllers to authenticate and download group policies. When the user then connects, depending on their group membership you will likely apply a different DACL or SGT during the Authorisation process, granting full access to the network.

Re: ISE Authorization Flow

naoki_Japan — Mon, 27 Sep 2021 09:33:01 GMT

I think you are right. In the video, he set different conditions and policy (as you wrote).

In conclusion, only one authorization is processed at one time.

When PC is booting up, the computer authentication process takes place and

,when user logs in, the user authentication process does.

My understanding is right?

Re: ISE Authorization Flow

Rob Ingram — Mon, 27 Sep 2021 09:38:11 GMT

@naoki_Japan yes your understanding is correct, authorisation takes place separately, one for the computer and another for the user. As does authentication, the computer and user are also separately authenticated.

Re: ISE Authorization Flow

naoki_Japan — Tue, 28 Sep 2021 00:25:44 GMT

I appreciate your support!!!!