cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
720
Views
0
Helpful
3
Replies

ACS as an external radius server for ISE MyDevices admin access

snallabo
Cisco Employee
Cisco Employee

One of my customers use the ACS as an external radius server for ISE MyDevices admin access, this was the only method available for MyDevices admin access in ISE versions 1.1 , 1.2 and 1.3.

Is there a way to use AD, LDAP or some other external authentication server for the MyDevices admin access?

Local admin accounts are not allowed unless there is a waiver for specific reasons. 

3 Replies 3

hslai
Cisco Employee
Cisco Employee

Assuming MyDevices admin access meant to login to ISE MyDevices portal, AD and LDAP are supported and can be specified by the ID source sequence assigned to the portal. This support is there since ISE 1.1.1 so it's odd on your comment that ACS as an external RADIUS server the only method available for MyDevices.

If you meant other than accessing MyDevices portal, please detail how the access is done.

Thanks for the response below.

Do we have any external document showing the support of AD and LDAP that I can share with the customer?

Regards,

Siva

Sivakrishna Nallabothula - Network Consulting Engineer, AS

.:|:.:|:. CCIE #44247 (SP, DC), ITILv3

CISCO * 08041822281 | * snallabo@cisco.com<mailto:snallabo@cisco.com>

hslai
Cisco Employee
Cisco Employee

Employee Accounts in ISE Admin Guide says,


When you add users such as employees or contractors to Cisco ISE, either by using external identity stores or by creating internal users, you can authorize them to use their personal devices on your network.

Cisco ISE authenticates these users through a local database, or through external Lightweight Directory Access Protocol (LDAP) or Microsoft Active Directory (AD) identity stores.