cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1207
Views
0
Helpful
3
Replies

About ise user expiration date

tjdwns4111
Level 1
Level 1

I set the account period expiration setting for ISE TACACS users.

And when i check the csv file, i can see see the expiration period set.

But when I add ISE admin user via TACACS user and check the csv file again, the expiration date is deleted.

1. I want to set an account expiration period for both ISE admin user and TACACS user for the account I added through this TACACS user, how can I do it?

2. when i add admi user by tacacs users, the admin user was locked the after day.

(the Change password on next login option was disabled) <-I think it tis the reason

 
3 Replies 3

thomas
Cisco Employee
Cisco Employee

Sorry, but there is no "account period expiration" setting for Network Access User or Admin User. You will need to be more specific/accurate so we know exactly what you are changing.

I don't understand how you "add ISE admin user via TACACS user" since these are completely different user sets with different roles: Admin User (GUI) vs Network Access Users (TACACS).  There is no import/export to CSV for ISE Admin Users.

Consider reading
Cisco ISE Device Administration Prescriptive Deployment Guide :
- Define Policy structure for device administration
- Creating Internal or External Identities

Screenshot 2023-06-16 at 12.30.48 PM.png 

Screenshot 2023-06-16 at 12.31.09 PM.png


if i add the user from network users that is created the same day, there is no problem.

but, if i add admin user from [select from network users], the user is disabled the next day.

the disabled users is created 90 days ago. and i didnt check the 90days disable option on network users and admin users

 



tjdwns4111_0-1687134096809.png

 

hslai
Cisco Employee
Cisco Employee

@tjdwns4111 The screenshots Thomas shared are from ISE 3.2, which has more flexible options for account disablement.