Solved: Re: ISE external admin Data access

joeharb · ‎12-14-2018

I have created a new Policy for admin access. It references a Group in AD, I am able to login with out issues and have access to all menu's but I don't have access to some of the Data. For example I don't see any of the Endpoint or User Identity Groups. I have configured the policy for both Super Admin Menu and Data access, see image.

What am I missing?

Thanks,

Joe

hslai · ‎12-16-2018

CSCvd28829 is addressed in ISE 2.2 Patch 2 or above and ISE 2.3 FCS. Joe could run into it, if his setup just upgraded to ISE 2.2 and not yet patched to the latest.

View solution in original post

hslai · ‎12-15-2018

You may map AD groups to the built-in admin groups (see the attached screenshot), instead of creating new ones, although what you configured should have worked, too. Please engage Cisco TAC to troubleshoot.

Mohammed al Baqari · ‎12-15-2018

I have seen similar problem in version 2.3. It seemed to be a bug because all required permissions were allowed,

hslai · ‎12-16-2018

If an admin user matched to multiple ISE admin groups, then it could be either CSCvd20214 or CSCvk10156.

BigK · ‎12-16-2018

@joeharb

definitely a bug. See below

CSCvd28829

hslai · ‎12-16-2018

CSCvd28829 is addressed in ISE 2.2 Patch 2 or above and ISE 2.3 FCS. Joe could run into it, if his setup just upgraded to ISE 2.2 and not yet patched to the latest.

joeharb · ‎12-21-2018

This is a fresh install of 2.4.

hslai · ‎12-21-2018

Please try what I gave in my first response to your post. If that not helping, open a Cisco TAC support case and troubleshoot further.