08-17-2021 06:02 AM
In review of the Cisco documentation regarding enabling AD or LDAP authentication for Admin access to the ISE
cisco.com/c/en/us/support/docs/security/identity-services-engine/200891-Understanding-Admin-Access-and-RBAC-Poli.html#anc7
We have both AD and LDAP Authentication working for Remote Access users; however, we would also like AD or LDAP for Admin Access to the ISE. We have both authentication types working and we have granular control of the group that is used and the users defined within the group that we want to provide Admin Access to. Before we enable AD or LDAP our concern is regarding what might happen if the AD or LDAP services become unreachable? Does / will the ISE fail back to local authentication if these services are unreachable? The ISE allows us to define a primary authentication method but not a secondary method, at least not that we can find. Thanks!
08-17-2021 10:43 AM
Hi @rogg,
When you enable AD authentication for Admin access, on the initial login page you'll get an additional field to select which system you want to log in to - configured AD or local. Having said this, it is clear that you'll still be able to authenticate with local accounts in case AD is unavailable.
BR,
Milos
08-18-2021 07:41 AM
Thank you, that was not obvious from the documentation. I just could not bring myself to click submit without the fear of locking myself out. Appreciate the guidance!