02-26-2014 07:12 AM - edited 03-10-2019 09:27 PM
Hello
Our customer wants to be authenticated on ISE 1.2 (as admin) against an external radius server (like ACS not microsoft). How could i do that ?
Is it possible while retaining internal admin users database in a sequence "external_radius or internal"
thank you in advance.
Best regards
02-26-2014 07:54 AM
Jean-Luc,
Sure thing!
Make sure your RADIUS Server is already added in the External Identity Sources. To do this, navigate to Administration > Identity Management > External Identity Sources:
From there, navigate to Administration > System > Admin Access. In the Authentication entry on the Left Menu, choose the Identity Source from the drop-down menu.
Click Save and Logout. You will now see a new Identity Source drop-down on the login page. From here you can select RADIUS or Internal.
This will allow local logins in case the RADIUS server is down for any reason.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
02-28-2014 02:30 AM
Hello Charles,
Many thanks for your help. That works fine !!
Best regards,
02-28-2014 04:51 AM
Great news! Glad this worked for you.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
01-15-2015 01:43 AM
External authentication is supported only with internal authorization:
When configuring Cisco ISE to provide administrator authentication using an external RSA SecurID identity store, administrator credential authentication is performed by the RSA identity store. However, authorization (policy application) is still done according to the Cisco ISE internal database. In addition, there are two important factors to remember that are different from External Authentication + External Authorization:
To create a new Cisco ISE administrator that authenticates via the external identity store, complete the following steps:
Step 1 Choose Administration > System > Admin Access > Administrators > Local Administrators.
The Administrators window appears, listing all existing locally defined administrators.
Step 2 Follow the guidelines at Creating a New Cisco ISE Administrator to ensure that the administrator username on the external RSA identity store is also present in Cisco ISE. Be sure to click the External option under Password.
Note Remember: you do not need to specify a password for this external administrator user ID, nor are you required to apply any specially configured external administrator group to the associated RBAC policy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide