https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/4954790#M1105627 <P>I found this in the FMC user guide:</P> <P>"In a multidomain deployment, external authentication objects are only available in the domain in which they are created"</P> <P>so it looks like it suposed to be suported. However, even though I can create an LDAP or Radius authentication object under the subdomain, it's not possible to login when I disable the global authentication object.</P> <P>Thanks</P> <P>/Chess</P> Tue, 07 Nov 2023 08:57:38 GMT Chess Norris 2023-11-07T08:57:38Z https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/4951000#M1105443 <P>Hello,</P> <P>We want to create subdomains in our FMC and add a specific FTD device to each subdomain.&nbsp;</P> <P>I have created two sub domains in the FMC and added one FTD device to each subdomain.</P> <P>It works when I create local users and assign them to a specific subdomai. Then the user can only edit the device that belong to the same subdomain as the user.</P> <P>However, when I log in as an external user, that user will always have access to the global domain. It doesn't matter if I edit the user and only assign the subdomain. As soon as the external user login, he have access to both the subdomain and the global domain.</P> <P>Is there away to map the external users to a specific subdomain or is it only possible with local users?</P> <P>Thanks</P> <P>/Chess</P> Mon, 30 Oct 2023 17:37:30 GMT https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/4951000#M1105443 Chess Norris 2023-10-30T17:37:30Z https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/4954790#M1105627 <P>I found this in the FMC user guide:</P> <P>"In a multidomain deployment, external authentication objects are only available in the domain in which they are created"</P> <P>so it looks like it suposed to be suported. However, even though I can create an LDAP or Radius authentication object under the subdomain, it's not possible to login when I disable the global authentication object.</P> <P>Thanks</P> <P>/Chess</P> Tue, 07 Nov 2023 08:57:38 GMT https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/4954790#M1105627 Chess Norris 2023-11-07T08:57:38Z https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/5088857#M1112086 <P>Hi, did you make it work? I have the exact requirement and cannot find a guide.</P> Fri, 03 May 2024 14:35:18 GMT https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/5088857#M1112086 jlgf 2024-05-03T14:35:18Z https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/5089675#M1112106 <P>Hi,</P> <P>No unfortunately I had to give up the idea of using multiple domains and instead use a separate FMC.</P> <P>There was a big issue with a IPSec tunnel that we needed to break before we could configuring multiple domains and we had a FTD on the other end of the VPN tunnel, managed by the FMC and we couldn’t break that tunnel.</P> <P>Multiple domains it's a great idea, but it should probably be implemented before you start managing FTD's.</P> <P>/Chess</P> Sat, 04 May 2024 13:14:59 GMT https://community.cisco.com/t5/network-security/fmc-multiple-domain-management-and-external-users/m-p/5089675#M1112106 Chess Norris 2024-05-04T13:14:59Z