06-13-2023 05:40 PM
I set the account period expiration setting for ISE TACACS users.
And when i check the csv file, i can see see the expiration period set.
But when I add ISE admin user via TACACS user and check the csv file again, the expiration date is deleted.
1. I want to set an account expiration period for both ISE admin user and TACACS user for the account I added through this TACACS user, how can I do it?
2. when i add admi user by tacacs users, the admin user was locked the after day.
(the Change password on next login option was disabled) <-I think it tis the reason
06-16-2023 12:45 PM
Sorry, but there is no "account period expiration" setting for Network Access User or Admin User. You will need to be more specific/accurate so we know exactly what you are changing.
I don't understand how you "add ISE admin user via TACACS user" since these are completely different user sets with different roles: Admin User (GUI) vs Network Access Users (TACACS). There is no import/export to CSV for ISE Admin Users.
Consider reading
Cisco ISE Device Administration Prescriptive Deployment Guide :
- Define Policy structure for device administration
- Creating Internal or External Identities
06-18-2023 05:25 PM
if i add the user from network users that is created the same day, there is no problem.
but, if i add admin user from [select from network users], the user is disabled the next day.
the disabled users is created 90 days ago. and i didnt check the 90days disable option on network users and admin users
06-23-2023 09:27 PM
@tjdwns4111 The screenshots Thomas shared are from ISE 3.2, which has more flexible options for account disablement.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide