About ise user expiration date

tjdwns4111 · ‎06-13-2023

I set the account period expiration setting for ISE TACACS users.

And when i check the csv file, i can see see the expiration period set.

But when I add ISE admin user via TACACS user and check the csv file again, the expiration date is deleted.

1. I want to set an account expiration period for both ISE admin user and TACACS user for the account I added through this TACACS user, how can I do it?

2. when i add admi user by tacacs users, the admin user was locked the after day.

(the Change password on next login option was disabled) <-I think it tis the reason

thomas · ‎06-16-2023

Sorry, but there is no "account period expiration" setting for Network Access User or Admin User. You will need to be more specific/accurate so we know exactly what you are changing.

I don't understand how you "add ISE admin user via TACACS user" since these are completely different user sets with different roles: Admin User (GUI) vs Network Access Users (TACACS). There is no import/export to CSV for ISE Admin Users.

Consider reading
Cisco ISE Device Administration Prescriptive Deployment Guide :
- Define Policy structure for device administration
- Creating Internal or External Identities

Screenshot 2023-06-16 at 12.30.48 PM.png

Screenshot 2023-06-16 at 12.31.09 PM.png

tjdwns4111 · ‎06-18-2023

if i add the user from network users that is created the same day, there is no problem.

but, if i add admin user from [select from network users], the user is disabled the next day.

the disabled users is created 90 days ago. and i didnt check the 90days disable option on network users and admin users

hslai · ‎06-23-2023

@tjdwns4111 The screenshots Thomas shared are from ISE 3.2, which has more flexible options for account disablement.