Differentiate BYOD for AD users vs Internal users

omadrile
Cisco Employee

Hi team,

After a guest user completes the self-registration process and an ISE admin user then manually creates an Internal ISE DB user with the same guest user credentials, I understand it's possible to go through the BYOD flow for those Internal users, right? Now, assume ISE has an external identity store, i.e. Active Directory, and those AD users go through the BYOD flow as well. A way to differentiate both users could be using the Common Name as the certificate attribute and then checking whether the username belongs to a specific AD group or the Internal User DB... do you see any potential issue why this approach might not work? Any input would be appreciated, thanks!

1 Reply

Hi Omadrile,

As far as I know, you can play with the policies and identity source sequence to fix this. Use the unique attributes for creating the policies.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)