Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
1
Helpful
2
Replies

Accessing Certificate Provisioning Portal Using Admin User

Go to solution
rezaalikhani
Level 4
Level 4

‎01-06-2024 09:50 AM - edited ‎01-06-2024 09:51 AM

Hi all;

One of the options for configuring the Certificate Provisioning Portal is to specify who can access it. Look at the following figure:

1000.png

As you can see above, it mentions that "User account with Super Admin privilege or ERS Admin privilege will have access to the portal". based on my understanding, users in the mentioned groups can access this portal without being explicitly specified in the "Choices" section. Right?

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎01-06-2024 12:07 PM

Hello @rezaalikhani 

Nope - if you leave the Chosen column empty, then nobody has access to the Cert Prov Portal. The text comment you're referring to, is giving a hint about the permissions required for such a user in one of the Groups in the left-hand column. But I agree - it's a confusing sentence.

The default 'admin' ISE user account is an Admin Account.  The cert prov portal (let's call it CPP) requires an ISE Network Access User Account (not an ISE Admin Account) or an external AD group.

If you want to use ISE Internal Network Access User Accounts, then make those individual users ISE Admins as well. You can do that in simple steps:

  1. Create the Network Access User account - Administration > Identity Management > Users (if not already done)
  2. Ensure the user account is in a named User Group (e.g. Employees, or Staff)
  3. Navigate to Administration > System >Admin Access > Administrators > Admin Users
  4. Click the "+" Add Icon and choose "Select from Network Access Users"
  5. Select the User and then provide the Super Admin / ERS Admin priv level

View solution in original post

2 Replies 2

Go to solution
Arne Bier
VIP
VIP

‎01-06-2024 12:07 PM

Hello @rezaalikhani 

Nope - if you leave the Chosen column empty, then nobody has access to the Cert Prov Portal. The text comment you're referring to, is giving a hint about the permissions required for such a user in one of the Groups in the left-hand column. But I agree - it's a confusing sentence.

The default 'admin' ISE user account is an Admin Account.  The cert prov portal (let's call it CPP) requires an ISE Network Access User Account (not an ISE Admin Account) or an external AD group.

If you want to use ISE Internal Network Access User Accounts, then make those individual users ISE Admins as well. You can do that in simple steps:

  1. Create the Network Access User account - Administration > Identity Management > Users (if not already done)
  2. Ensure the user account is in a named User Group (e.g. Employees, or Staff)
  3. Navigate to Administration > System >Admin Access > Administrators > Admin Users
  4. Click the "+" Add Icon and choose "Select from Network Access Users"
  5. Select the User and then provide the Super Admin / ERS Admin priv level

Go to solution
rezaalikhani
Level 4
Level 4

‎01-06-2024 10:05 PM

Thanks for your reply; as always, very insightful.

0 Helpful
Customers Also Viewed These Support Documents