cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

2843
Views
0
Helpful
2
Replies
rogg
Beginner

Cisco ISE - Authentication of Admin Access?

In review of the Cisco documentation regarding enabling AD or LDAP authentication for Admin access to the ISE
cisco.com/c/en/us/support/docs/security/identity-services-engine/200891-Understanding-Admin-Access-and-RBAC-Poli.html#anc7 

 

We have both AD and LDAP Authentication working for Remote Access users; however, we would also like AD or LDAP for Admin Access to the ISE. We have both authentication types working and we have granular control of the group that is used and the users defined within the group that we want to provide Admin Access to. Before we enable AD or LDAP our concern is regarding what might happen if the AD or LDAP services become unreachable? Does / will the ISE fail back to local authentication if these services are unreachable? The ISE allow us to defined a primary authentication method but not a secondary method, at least not that we can find. Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Milos_Jovanovic
VIP Collaborator

Hi @rogg,

When you enable AD authentication for Admin access, on initial login page you'll get additional filed, to select to which system you want to login - configured AD or local. Having this said, it is clear that you'll still be able to authenticate with local accounts, in case AD is unavailable.

BR,

Milos

View solution in original post

2 REPLIES 2
Milos_Jovanovic
VIP Collaborator

Hi @rogg,

When you enable AD authentication for Admin access, on initial login page you'll get additional filed, to select to which system you want to login - configured AD or local. Having this said, it is clear that you'll still be able to authenticate with local accounts, in case AD is unavailable.

BR,

Milos

Thank you, that was not obvious from the documentation. I just could not bring myself to click submit without the fear of locking myself out. Appreciate the guidiance!

 

 

Create
Recognize Your Peers
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards