Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
1
Replies

Is there any way could add conndiations of Passive ID ?

Go to solution
BAOHUA
Cisco Employee
Cisco Employee

‎08-06-2019 07:57 PM

Hi experts

    I have some questions about ISE Passive ID . 

    These is a customer they are using AD as external id source of ISE.  also they want to use passive id for any users who didn't enable dot1x feature but joined AD. 

     All these users by default they are belongs Domain user, didn't created any groups for classify.  they are using  AD attribute as classification condition as below : attribute shot.png

 

I was enabled passive id . when I select passive id as authorization condition. there are only two options could be use. username and group. 

image.png

my question : is there any way we could add attribute as the passive id conditions ? 

 

any reply will be appreciate. 

Preview file
16 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎08-07-2019 07:07 AM

You can select the join point name of your AD domain and select AD attribute just like 802.1X condition. It should work even for passive-id sessions.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
howon
Cisco Employee
Cisco Employee

‎08-07-2019 07:07 AM

You can select the join point name of your AD domain and select AD attribute just like 802.1X condition. It should work even for passive-id sessions.

0 Helpful
Customers Also Viewed These Support Documents